{
  "statistics": {
    "processing": [
      {
        "name": "CAPE",
        "time": 15.083
      },
      {
        "name": "AnalysisInfo",
        "time": 0.075
      },
      {
        "name": "BehaviorAnalysis",
        "time": 0.983
      },
      {
        "name": "Debug",
        "time": 0.002
      },
      {
        "name": "NetworkAnalysis",
        "time": 25.519
      },
      {
        "name": "Suricata",
        "time": 21.601
      },
      {
        "name": "UrlAnalysis",
        "time": 0.0
      },
      {
        "name": "script_log_processing",
        "time": 0.0
      },
      {
        "name": "ProcessMemory",
        "time": 0.0
      }
    ],
    "signatures": [
      {
        "name": "packer_themida",
        "time": 0.0
      },
      {
        "name": "stealth_network",
        "time": 0.0
      },
      {
        "name": "disable_driver_via_blocklist",
        "time": 0.0
      },
      {
        "name": "disable_driver_via_hvcidisallowedimages",
        "time": 0.0
      },
      {
        "name": "disable_hypervisor_protected_code_integrity",
        "time": 0.0
      },
      {
        "name": "pendingfilerenameoperations_Operations",
        "time": 0.0
      },
      {
        "name": "anomalous_deletefile",
        "time": 0.0
      },
      {
        "name": "antiav_360_libs",
        "time": 0.0
      },
      {
        "name": "antiav_ahnlab_libs",
        "time": 0.0
      },
      {
        "name": "antiav_avast_libs",
        "time": 0.0
      },
      {
        "name": "antiav_bitdefender_libs",
        "time": 0.0
      },
      {
        "name": "antiav_bullguard_libs",
        "time": 0.0
      },
      {
        "name": "antiav_emsisoft_libs",
        "time": 0.0
      },
      {
        "name": "antiav_qurb_libs",
        "time": 0.0
      },
      {
        "name": "antiav_servicestop",
        "time": 0.0
      },
      {
        "name": "antiav_apioverride_libs",
        "time": 0.0
      },
      {
        "name": "antidebug_guardpages",
        "time": 0.0
      },
      {
        "name": "antidebug_ntcreatethreadex",
        "time": 0.0
      },
      {
        "name": "antiav_nthookengine_libs",
        "time": 0.0
      },
      {
        "name": "antidebug_outputdebugstring",
        "time": 0.0
      },
      {
        "name": "antidebug_setunhandledexceptionfilter",
        "time": 0.0
      },
      {
        "name": "antidebug_windows",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoo",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoocrash",
        "time": 0.0
      },
      {
        "name": "antisandbox_foregroundwindows",
        "time": 0.0
      },
      {
        "name": "mouse_movement_detect",
        "time": 0.0
      },
      {
        "name": "antisandbox_sboxie_libs",
        "time": 0.0
      },
      {
        "name": "antisandbox_sboxie_objects",
        "time": 0.0
      },
      {
        "name": "antisandbox_script_timer",
        "time": 0.0
      },
      {
        "name": "antisandbox_sleep",
        "time": 0.0
      },
      {
        "name": "antisandbox_sunbelt_libs",
        "time": 0.0
      },
      {
        "name": "antisandbox_unhook",
        "time": 0.0
      },
      {
        "name": "antivm_directory_objects",
        "time": 0.0
      },
      {
        "name": "antivm_display",
        "time": 0.0
      },
      {
        "name": "antivm_generic_disk",
        "time": 0.0
      },
      {
        "name": "antivm_generic_scsi",
        "time": 0.0
      },
      {
        "name": "antivm_generic_services",
        "time": 0.0
      },
      {
        "name": "antivm_generic_system",
        "time": 0.0
      },
      {
        "name": "antivm_checks_available_memory",
        "time": 0.0
      },
      {
        "name": "detect_virtualization_via_recent_files",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_libs",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_window",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_events",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_libs",
        "time": 0.0
      },
      {
        "name": "antivm_wmi",
        "time": 0.0
      },
      {
        "name": "api_spamming",
        "time": 0.0
      },
      {
        "name": "api_uuidfromstringa",
        "time": 0.0
      },
      {
        "name": "banker_prinimalka",
        "time": 0.0
      },
      {
        "name": "bcdedit_command",
        "time": 0.0
      },
      {
        "name": "bootkit",
        "time": 0.0
      },
      {
        "name": "direct_hdd_access",
        "time": 0.0
      },
      {
        "name": "physical_drive_access",
        "time": 0.0
      },
      {
        "name": "potential_overwrite_mbr",
        "time": 0.0
      },
      {
        "name": "read_file_raw_disk_access",
        "time": 0.0
      },
      {
        "name": "suspicious_iocontrol_codes",
        "time": 0.0
      },
      {
        "name": "browser_needed",
        "time": 0.0
      },
      {
        "name": "firefox_disables_process_tab",
        "time": 0.0
      },
      {
        "name": "regsvr32_squiblydoo_dll_load",
        "time": 0.0
      },
      {
        "name": "uac_bypass_cmstp",
        "time": 0.0
      },
      {
        "name": "uac_bypass_eventvwr",
        "time": 0.0
      },
      {
        "name": "uac_bypass_windows_Backup",
        "time": 0.0
      },
      {
        "name": "dotnet_code_compile",
        "time": 0.0
      },
      {
        "name": "queries_computer_name",
        "time": 0.0
      },
      {
        "name": "queries_user_name",
        "time": 0.0
      },
      {
        "name": "creates_largekey",
        "time": 0.0
      },
      {
        "name": "creates_nullvalue",
        "time": 0.0
      },
      {
        "name": "access_windows_passwords_vault",
        "time": 0.0
      },
      {
        "name": "dump_lsa_via_windows_error_reporting",
        "time": 0.0
      },
      {
        "name": "lsass_credential_dumping",
        "time": 0.0
      },
      {
        "name": "critical_process",
        "time": 0.0
      },
      {
        "name": "cryptopool_domains",
        "time": 0.0
      },
      {
        "name": "dead_connect",
        "time": 0.0
      },
      {
        "name": "dead_link",
        "time": 0.0
      },
      {
        "name": "decoy_document",
        "time": 0.0
      },
      {
        "name": "decoy_image",
        "time": 0.0
      },
      {
        "name": "deletes_consolehost_history",
        "time": 0.0
      },
      {
        "name": "deletes_self",
        "time": 0.0
      },
      {
        "name": "deletes_shadow_copies",
        "time": 0.0
      },
      {
        "name": "deletes_system_state_backup",
        "time": 0.0
      },
      {
        "name": "dep_bypass",
        "time": 0.0
      },
      {
        "name": "dep_disable",
        "time": 0.0
      },
      {
        "name": "disables_mappeddrives_autodisconnect",
        "time": 0.0
      },
      {
        "name": "disables_spdy",
        "time": 0.0
      },
      {
        "name": "disables_wfp",
        "time": 0.0
      },
      {
        "name": "add_windows_defender_exclusions",
        "time": 0.0
      },
      {
        "name": "mountpoints_volume_discovery",
        "time": 0.0
      },
      {
        "name": "dll_load_uncommon_file_types",
        "time": 0.0
      },
      {
        "name": "document_script_exe_drop",
        "time": 0.0
      },
      {
        "name": "guloader_apis",
        "time": 0.0
      },
      {
        "name": "driver_load",
        "time": 0.0
      },
      {
        "name": "dynamic_function_loading",
        "time": 0.0
      },
      {
        "name": "encrypted_ioc",
        "time": 0.0
      },
      {
        "name": "exec_crash",
        "time": 0.0
      },
      {
        "name": "process_creation_suspicious_location",
        "time": 0.0
      },
      {
        "name": "exploit_getbasekerneladdress",
        "time": 0.0
      },
      {
        "name": "exploit_gethaldispatchtable",
        "time": 0.0
      },
      {
        "name": "exploit_heapspray",
        "time": 0.0
      },
      {
        "name": "koadic_apis",
        "time": 0.0
      },
      {
        "name": "koadic_network_activity",
        "time": 0.0
      },
      {
        "name": "downloads_from_filehosting",
        "time": 0.0
      },
      {
        "name": "generic_phish",
        "time": 0.0
      },
      {
        "name": "http_request",
        "time": 0.0
      },
      {
        "name": "infostealer_browser",
        "time": 0.0
      },
      {
        "name": "infostealer_browser_password",
        "time": 0.0
      },
      {
        "name": "infostealer_cookies",
        "time": 0.0
      },
      {
        "name": "cryptbot_network",
        "time": 0.0
      },
      {
        "name": "masslogger_artifacts",
        "time": 0.0
      },
      {
        "name": "masslogger_version",
        "time": 0.0
      },
      {
        "name": "purplewave_network_activity",
        "time": 0.0
      },
      {
        "name": "quilclipper_behavior",
        "time": 0.0
      },
      {
        "name": "raccoon_behavior",
        "time": 0.0
      },
      {
        "name": "captures_screenshot",
        "time": 0.0
      },
      {
        "name": "vidar_behavior",
        "time": 0.0
      },
      {
        "name": "injection_createremotethread",
        "time": 0.0
      },
      {
        "name": "creates_suspended_process",
        "time": 0.0
      },
      {
        "name": "injection_explorer",
        "time": 0.0
      },
      {
        "name": "injection_needextension",
        "time": 0.0
      },
      {
        "name": "injection_network_traffic",
        "time": 0.0
      },
      {
        "name": "injection_runpe",
        "time": 0.0
      },
      {
        "name": "injection_rwx",
        "time": 0.0
      },
      {
        "name": "injection_themeinitapihook",
        "time": 0.0
      },
      {
        "name": "resumethread_remote_process",
        "time": 0.0
      },
      {
        "name": "injection_write_exe_process",
        "time": 0.0
      },
      {
        "name": "injection_write_process",
        "time": 0.0
      },
      {
        "name": "internet_dropper",
        "time": 0.0
      },
      {
        "name": "escalate_privilege_via_named_pipe",
        "time": 0.0
      },
      {
        "name": "ipc_namedpipe",
        "time": 0.0
      },
      {
        "name": "js_phish",
        "time": 0.0
      },
      {
        "name": "js_suspicious_redirect",
        "time": 0.0
      },
      {
        "name": "loader_alien",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_internet_explorer_exporter",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_run_exe_helper_utility",
        "time": 0.0
      },
      {
        "name": "execute_ps_via_syncappvpublishingserver",
        "time": 0.0
      },
      {
        "name": "malicious_dynamic_function_loading",
        "time": 0.0
      },
      {
        "name": "encrypt_pcinfo",
        "time": 0.0
      },
      {
        "name": "encrypt_data_agenttesla_http",
        "time": 0.0
      },
      {
        "name": "encrypt_data_agentteslat2_http",
        "time": 0.0
      },
      {
        "name": "encrypt_data_nanocore",
        "time": 0.0
      },
      {
        "name": "reads_memory_remote_process",
        "time": 0.0
      },
      {
        "name": "mimics_filetime",
        "time": 0.0
      },
      {
        "name": "amsi_bypass_via_com_registry",
        "time": 0.0
      },
      {
        "name": "access_auto_logons_via_registry",
        "time": 0.0
      },
      {
        "name": "access_boot_key_via_registry",
        "time": 0.0
      },
      {
        "name": "create_suspicious_lnk_files",
        "time": 0.0
      },
      {
        "name": "credential_access_via_windows_credential_history",
        "time": 0.0
      },
      {
        "name": "dll_hijacking_via_microsoft_exchange",
        "time": 0.0
      },
      {
        "name": "dll_hijacking_via_waas_medic_svc_com_typelib",
        "time": 0.0
      },
      {
        "name": "execute_file_downloaded_via_openssh",
        "time": 0.0
      },
      {
        "name": "execute_safe_mode_from_suspicious_process",
        "time": 0.0
      },
      {
        "name": "execute_scripts_via_microsoft_management_console",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_processes_via_windows_mssql_service",
        "time": 0.0
      },
      {
        "name": "execution_from_self_extracting_archive",
        "time": 0.0
      },
      {
        "name": "ip_address_discovery_via_trusted_program",
        "time": 0.0
      },
      {
        "name": "load_dll_via_control_panel",
        "time": 0.0
      },
      {
        "name": "network_connection_via_suspicious_process",
        "time": 0.0
      },
      {
        "name": "potential_location_discovery_via_unusual_process",
        "time": 0.0
      },
      {
        "name": "store_executable_registry",
        "time": 0.0
      },
      {
        "name": "Suspicious_Execution_Via_MicrosoftExchangeTransportAgent",
        "time": 0.0
      },
      {
        "name": "suspicious_java_execution_via_win_scripts",
        "time": 0.0
      },
      {
        "name": "Suspicious_Scheduled_Task_Creation_Via_Masqueraded_XML_File",
        "time": 0.0
      },
      {
        "name": "uses_restart_manager_for_suspicious_activities",
        "time": 0.0
      },
      {
        "name": "modify_desktop_wallpaper",
        "time": 0.0
      },
      {
        "name": "modify_zoneid_ads",
        "time": 0.0
      },
      {
        "name": "move_file_on_reboot",
        "time": 0.0
      },
      {
        "name": "multiple_useragents",
        "time": 0.0
      },
      {
        "name": "network_anomaly",
        "time": 0.0
      },
      {
        "name": "network_bind",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_archive",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_free_webhosting",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_generic",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_interactsh",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_opensource",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_pastesite",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_payload",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_serviceinterface",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_socialmedia",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_telegram",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_tempstorage",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_temp_urldns",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_urlshortener",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_useragent",
        "time": 0.0
      },
      {
        "name": "network_cnc_smtps_exfil",
        "time": 0.0
      },
      {
        "name": "network_cnc_smtps_generic",
        "time": 0.0
      },
      {
        "name": "network_dns_idn",
        "time": 0.0
      },
      {
        "name": "network_dns_suspicious_querytype",
        "time": 0.0
      },
      {
        "name": "network_dns_tunneling_request",
        "time": 0.0
      },
      {
        "name": "network_document_http",
        "time": 0.0
      },
      {
        "name": "explorer_http",
        "time": 0.0
      },
      {
        "name": "network_fake_useragent",
        "time": 0.0
      },
      {
        "name": "legitimate_domain_abuse",
        "time": 0.0
      },
      {
        "name": "suspicious_communication_trusted_site",
        "time": 0.0
      },
      {
        "name": "network_document_file",
        "time": 0.0
      },
      {
        "name": "network_tor",
        "time": 0.0
      },
      {
        "name": "office_com_load",
        "time": 0.0
      },
      {
        "name": "office_dotnet_load",
        "time": 0.0
      },
      {
        "name": "office_mshtml_load",
        "time": 0.0
      },
      {
        "name": "office_vb_load",
        "time": 0.0
      },
      {
        "name": "office_wmi_load",
        "time": 0.0
      },
      {
        "name": "office_cve2017_11882",
        "time": 0.0
      },
      {
        "name": "office_cve2017_11882_network",
        "time": 0.0
      },
      {
        "name": "office_cve_2021_40444",
        "time": 0.0
      },
      {
        "name": "office_cve_2021_40444_m2",
        "time": 0.0
      },
      {
        "name": "office_flash_load",
        "time": 0.0
      },
      {
        "name": "office_postscript",
        "time": 0.0
      },
      {
        "name": "office_suspicious_processes",
        "time": 0.0
      },
      {
        "name": "office_write_exe",
        "time": 0.0
      },
      {
        "name": "persistence_via_autodial_dll_registry",
        "time": 0.0
      },
      {
        "name": "persistence_autorun",
        "time": 0.0
      },
      {
        "name": "persistence_autorun_tasks",
        "time": 0.0
      },
      {
        "name": "persistence_bootexecute",
        "time": 0.0
      },
      {
        "name": "persistence_registry_script",
        "time": 0.0
      },
      {
        "name": "powershell_network_connection",
        "time": 0.0
      },
      {
        "name": "powershell_download",
        "time": 0.0
      },
      {
        "name": "powershell_request",
        "time": 0.0
      },
      {
        "name": "createtoolhelp32snapshot_module_enumeration",
        "time": 0.0
      },
      {
        "name": "enumerates_running_processes",
        "time": 0.0
      },
      {
        "name": "process_interest",
        "time": 0.0
      },
      {
        "name": "process_needed",
        "time": 0.0
      },
      {
        "name": "mass_data_encryption",
        "time": 0.0
      },
      {
        "name": "ransomware_file_modifications",
        "time": 0.0
      },
      {
        "name": "ransomware_message",
        "time": 0.0
      },
      {
        "name": "nemty_network_activity",
        "time": 0.0
      },
      {
        "name": "nemty_note",
        "time": 0.0
      },
      {
        "name": "sodinokibi_behavior",
        "time": 0.0
      },
      {
        "name": "stop_ransomware_registry",
        "time": 0.0
      },
      {
        "name": "blackrat_apis",
        "time": 0.0
      },
      {
        "name": "blackrat_network_activity",
        "time": 0.0
      },
      {
        "name": "blackrat_registry_keys",
        "time": 0.0
      },
      {
        "name": "dcrat_behavior",
        "time": 0.0
      },
      {
        "name": "karagany_system_event_objects",
        "time": 0.0
      },
      {
        "name": "rat_luminosity",
        "time": 0.0
      },
      {
        "name": "rat_nanocore",
        "time": 0.0
      },
      {
        "name": "netwire_behavior",
        "time": 0.0
      },
      {
        "name": "obliquerat_network_activity",
        "time": 0.0
      },
      {
        "name": "orcusrat_behavior",
        "time": 0.0
      },
      {
        "name": "trochilusrat_apis",
        "time": 0.0
      },
      {
        "name": "reads_self",
        "time": 0.0
      },
      {
        "name": "recon_beacon",
        "time": 0.0
      },
      {
        "name": "recon_programs",
        "time": 0.0
      },
      {
        "name": "recon_systeminfo",
        "time": 0.0
      },
      {
        "name": "accesses_recyclebin",
        "time": 0.0
      },
      {
        "name": "remcos_shell_code_dynamic_wrapper_x",
        "time": 0.0
      },
      {
        "name": "removes_zoneid_ads",
        "time": 0.0
      },
      {
        "name": "script_created_process",
        "time": 0.0
      },
      {
        "name": "script_network_activity",
        "time": 0.0
      },
      {
        "name": "suspicious_js_script",
        "time": 0.0
      },
      {
        "name": "javascript_timer",
        "time": 0.0
      },
      {
        "name": "secure_login_phishing",
        "time": 0.0
      },
      {
        "name": "securityxploded_modules",
        "time": 0.0
      },
      {
        "name": "get_clipboard_data",
        "time": 0.0
      },
      {
        "name": "sets_autoconfig_url",
        "time": 0.0
      },
      {
        "name": "spoofs_procname",
        "time": 0.0
      },
      {
        "name": "stack_pivot",
        "time": 0.0
      },
      {
        "name": "stack_pivot_file_created",
        "time": 0.0
      },
      {
        "name": "stack_pivot_process_create",
        "time": 0.0
      },
      {
        "name": "set_clipboard_data",
        "time": 0.0
      },
      {
        "name": "stealth_childproc",
        "time": 0.0
      },
      {
        "name": "stealth_file",
        "time": 0.0
      },
      {
        "name": "stealth_timeout",
        "time": 0.0
      },
      {
        "name": "stealth_window",
        "time": 0.0
      },
      {
        "name": "queries_keyboard_layout",
        "time": 0.0
      },
      {
        "name": "queries_locale_api",
        "time": 0.0
      },
      {
        "name": "terminates_remote_process",
        "time": 0.0
      },
      {
        "name": "trickbot_task_delete",
        "time": 0.0
      },
      {
        "name": "uiautomationcore_load",
        "time": 0.0
      },
      {
        "name": "user_enum",
        "time": 0.0
      },
      {
        "name": "mmc_dll_script_load",
        "time": 0.0
      },
      {
        "name": "mmc_dotnet_load",
        "time": 0.0
      },
      {
        "name": "virus",
        "time": 0.0
      },
      {
        "name": "neshta_files",
        "time": 0.0
      },
      {
        "name": "neshta_regkeys",
        "time": 0.0
      },
      {
        "name": "webmail_phish",
        "time": 0.0
      },
      {
        "name": "persists_dev_util",
        "time": 0.0
      },
      {
        "name": "spawns_dev_util",
        "time": 0.0
      },
      {
        "name": "alters_windows_utility",
        "time": 0.0
      },
      {
        "name": "overwrites_accessibility_utility",
        "time": 0.0
      },
      {
        "name": "Potential_Lateral_Movement_Via_SMBEXEC",
        "time": 0.0
      },
      {
        "name": "potential_WebShell_Via_ScreenConnectServer",
        "time": 0.0
      },
      {
        "name": "uses_Microsoft_HTML_Help_Executable",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_to_create_scheduled_task",
        "time": 0.0
      },
      {
        "name": "wiper_zeroedbytes",
        "time": 0.0
      },
      {
        "name": "wmi_create_process",
        "time": 0.0
      },
      {
        "name": "wmi_script_process",
        "time": 0.0
      },
      {
        "name": "antianalysis_tls_section",
        "time": 0.0
      },
      {
        "name": "antivirus_clamav",
        "time": 0.0
      },
      {
        "name": "antivirus_virustotal",
        "time": 0.0
      },
      {
        "name": "bad_certs",
        "time": 0.0
      },
      {
        "name": "bad_ssl_certs",
        "time": 0.0
      },
      {
        "name": "banker_zeus_p2p",
        "time": 0.0
      },
      {
        "name": "banker_zeus_url",
        "time": 0.0
      },
      {
        "name": "binary_yara",
        "time": 0.0
      },
      {
        "name": "bot_athenahttp",
        "time": 0.0
      },
      {
        "name": "bot_dirtjumper",
        "time": 0.0
      },
      {
        "name": "bot_drive",
        "time": 0.001
      },
      {
        "name": "bot_drive2",
        "time": 0.001
      },
      {
        "name": "bot_madness",
        "time": 0.0
      },
      {
        "name": "phishing_kit_detected",
        "time": 0.0
      },
      {
        "name": "family_proxyback",
        "time": 0.0
      },
      {
        "name": "flare_capa_antianalysis",
        "time": 0.0
      },
      {
        "name": "flare_capa_collection",
        "time": 0.0
      },
      {
        "name": "flare_capa_communication",
        "time": 0.0
      },
      {
        "name": "flare_capa_compiler",
        "time": 0.0
      },
      {
        "name": "flare_capa_datamanipulation",
        "time": 0.0
      },
      {
        "name": "flare_capa_executable",
        "time": 0.0
      },
      {
        "name": "flare_capa_hostinteraction",
        "time": 0.0
      },
      {
        "name": "flare_capa_impact",
        "time": 0.0
      },
      {
        "name": "flare_capa_lib",
        "time": 0.0
      },
      {
        "name": "flare_capa_linking",
        "time": 0.0
      },
      {
        "name": "flare_capa_loadcode",
        "time": 0.0
      },
      {
        "name": "flare_capa_malwarefamily",
        "time": 0.0
      },
      {
        "name": "flare_capa_nursery",
        "time": 0.0
      },
      {
        "name": "flare_capa_persistence",
        "time": 0.0
      },
      {
        "name": "flare_capa_runtime",
        "time": 0.0
      },
      {
        "name": "flare_capa_targeting",
        "time": 0.0
      },
      {
        "name": "threatfox",
        "time": 0.0
      },
      {
        "name": "log4shell",
        "time": 0.0
      },
      {
        "name": "mimics_extension",
        "time": 0.0
      },
      {
        "name": "network_country_distribution",
        "time": 0.0
      },
      {
        "name": "network_cnc_http",
        "time": 0.005
      },
      {
        "name": "network_ip_exe",
        "time": 0.001
      },
      {
        "name": "network_dga",
        "time": 0.0
      },
      {
        "name": "network_dga_fraunhofer",
        "time": 0.0
      },
      {
        "name": "network_dyndns",
        "time": 0.008
      },
      {
        "name": "network_excessive_udp",
        "time": 0.0
      },
      {
        "name": "network_http",
        "time": 0.002
      },
      {
        "name": "network_icmp",
        "time": 0.0
      },
      {
        "name": "network_irc",
        "time": 0.0
      },
      {
        "name": "network_open_proxy",
        "time": 0.002
      },
      {
        "name": "network_questionable_http_path",
        "time": 0.0
      },
      {
        "name": "network_questionable_https_path",
        "time": 0.0
      },
      {
        "name": "network_smtp",
        "time": 0.0
      },
      {
        "name": "network_torgateway",
        "time": 0.003
      },
      {
        "name": "origin_langid",
        "time": 0.0
      },
      {
        "name": "origin_resource_langid",
        "time": 0.0
      },
      {
        "name": "overlay",
        "time": 0.0
      },
      {
        "name": "packer_unknown_pe_section_name",
        "time": 0.0
      },
      {
        "name": "packer_aspack",
        "time": 0.0
      },
      {
        "name": "packer_aspirecrypt",
        "time": 0.0
      },
      {
        "name": "packer_bedsprotector",
        "time": 0.0
      },
      {
        "name": "packer_confuser",
        "time": 0.0
      },
      {
        "name": "packer_enigma",
        "time": 0.0
      },
      {
        "name": "packer_entropy",
        "time": 0.0
      },
      {
        "name": "packer_mpress",
        "time": 0.0
      },
      {
        "name": "packer_nate",
        "time": 0.0
      },
      {
        "name": "packer_nspack",
        "time": 0.0
      },
      {
        "name": "packer_smartassembly",
        "time": 0.0
      },
      {
        "name": "packer_spices",
        "time": 0.0
      },
      {
        "name": "packer_themida",
        "time": 0.0
      },
      {
        "name": "packer_titan",
        "time": 0.0
      },
      {
        "name": "packer_upx",
        "time": 0.0
      },
      {
        "name": "packer_vmprotect",
        "time": 0.0
      },
      {
        "name": "packer_yoda",
        "time": 0.0
      },
      {
        "name": "pdf_annot_urls_checker",
        "time": 0.0
      },
      {
        "name": "polymorphic",
        "time": 0.0
      },
      {
        "name": "punch_plus_plus_pcres",
        "time": 0.0
      },
      {
        "name": "procmem_yara",
        "time": 0.0
      },
      {
        "name": "recon_checkip",
        "time": 0.001
      },
      {
        "name": "static_authenticode",
        "time": 0.0
      },
      {
        "name": "invalid_authenticode_signature",
        "time": 0.0
      },
      {
        "name": "static_dotnet_anomaly",
        "time": 0.0
      },
      {
        "name": "static_java",
        "time": 0.0
      },
      {
        "name": "static_pdf",
        "time": 0.0
      },
      {
        "name": "contains_pe_overlay",
        "time": 0.0
      },
      {
        "name": "static_pe_anomaly",
        "time": 0.0
      },
      {
        "name": "pe_compile_timestomping",
        "time": 0.0
      },
      {
        "name": "static_pe_pdbpath",
        "time": 0.0
      },
      {
        "name": "static_rat_config",
        "time": 0.0
      },
      {
        "name": "static_versioninfo_anomaly",
        "time": 0.0
      },
      {
        "name": "suricata_alert",
        "time": 0.0
      },
      {
        "name": "suspicious_html_body",
        "time": 0.0
      },
      {
        "name": "suspicious_html_name",
        "time": 0.0
      },
      {
        "name": "suspicious_html_title",
        "time": 0.0
      },
      {
        "name": "volatility_devicetree_1",
        "time": 0.0
      },
      {
        "name": "volatility_handles_1",
        "time": 0.0
      },
      {
        "name": "volatility_ldrmodules_1",
        "time": 0.0
      },
      {
        "name": "volatility_ldrmodules_2",
        "time": 0.0
      },
      {
        "name": "volatility_malfind_1",
        "time": 0.0
      },
      {
        "name": "volatility_malfind_2",
        "time": 0.0
      },
      {
        "name": "volatility_modscan_1",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_1",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_2",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_3",
        "time": 0.0
      },
      {
        "name": "whois_create",
        "time": 0.0
      },
      {
        "name": "accesses_mailslot",
        "time": 0.001
      },
      {
        "name": "accesses_netlogon_regkey",
        "time": 0.001
      },
      {
        "name": "accesses_public_folder",
        "time": 0.001
      },
      {
        "name": "accesses_sysvol",
        "time": 0.002
      },
      {
        "name": "writes_sysvol",
        "time": 0.001
      },
      {
        "name": "adds_admin_user",
        "time": 0.0
      },
      {
        "name": "adds_user",
        "time": 0.0
      },
      {
        "name": "overwrites_admin_password",
        "time": 0.0
      },
      {
        "name": "antianalysis_detectfile",
        "time": 0.019
      },
      {
        "name": "antianalysis_detectreg",
        "time": 0.057
      },
      {
        "name": "modify_attachment_manager",
        "time": 0.0
      },
      {
        "name": "antiav_detectfile",
        "time": 0.035
      },
      {
        "name": "antiav_detectreg",
        "time": 0.271
      },
      {
        "name": "antiav_srp",
        "time": 0.0
      },
      {
        "name": "antiav_whitespace",
        "time": 0.0
      },
      {
        "name": "antidebug_devices",
        "time": 0.006
      },
      {
        "name": "antiemu_windefend",
        "time": 0.002
      },
      {
        "name": "antiemu_wine_reg",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoo_files",
        "time": 0.001
      },
      {
        "name": "antisandbox_fortinet_files",
        "time": 0.001
      },
      {
        "name": "antisandbox_joe_anubis_files",
        "time": 0.001
      },
      {
        "name": "antisandbox_sboxie_mutex",
        "time": 0.0
      },
      {
        "name": "antisandbox_sunbelt_files",
        "time": 0.001
      },
      {
        "name": "antisandbox_threattrack_files",
        "time": 0.001
      },
      {
        "name": "antivm_bochs_keys",
        "time": 0.005
      },
      {
        "name": "antivm_generic_bios",
        "time": 0.003
      },
      {
        "name": "antivm_generic_diskreg",
        "time": 0.012
      },
      {
        "name": "antivm_hyperv_keys",
        "time": 0.005
      },
      {
        "name": "antivm_parallels_keys",
        "time": 0.016
      },
      {
        "name": "antivm_recentdocs",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_devices",
        "time": 0.003
      },
      {
        "name": "antivm_vbox_files",
        "time": 0.014
      },
      {
        "name": "antivm_vbox_keys",
        "time": 0.031
      },
      {
        "name": "antivm_vmware_devices",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_files",
        "time": 0.005
      },
      {
        "name": "antivm_vmware_keys",
        "time": 0.021
      },
      {
        "name": "antivm_vmware_mutexes",
        "time": 0.001
      },
      {
        "name": "antivm_vpc_files",
        "time": 0.001
      },
      {
        "name": "antivm_vpc_keys",
        "time": 0.011
      },
      {
        "name": "antivm_vpc_mutex",
        "time": 0.0
      },
      {
        "name": "antivm_xen_keys",
        "time": 0.015
      },
      {
        "name": "asyncrat_mutex",
        "time": 0.0
      },
      {
        "name": "gulpix_behavior",
        "time": 0.0
      },
      {
        "name": "ketrican_regkeys",
        "time": 0.005
      },
      {
        "name": "okrum_mutexes",
        "time": 0.0
      },
      {
        "name": "banker_cridex",
        "time": 0.001
      },
      {
        "name": "geodo_banking_trojan",
        "time": 0.01
      },
      {
        "name": "banker_spyeye_mutexes",
        "time": 0.001
      },
      {
        "name": "banker_zeus_mutex",
        "time": 0.001
      },
      {
        "name": "bitcoin_opencl",
        "time": 0.001
      },
      {
        "name": "enumerates_physical_drives",
        "time": 0.0
      },
      {
        "name": "bot_russkill",
        "time": 0.0
      },
      {
        "name": "browser_addon",
        "time": 0.001
      },
      {
        "name": "chromium_browser_extension_directory",
        "time": 0.0
      },
      {
        "name": "browser_helper_object",
        "time": 0.0
      },
      {
        "name": "browser_security",
        "time": 0.002
      },
      {
        "name": "browser_startpage",
        "time": 0.0
      },
      {
        "name": "ie_disables_process_tab",
        "time": 0.0
      },
      {
        "name": "odbcconf_bypass",
        "time": 0.0
      },
      {
        "name": "squiblydoo_bypass",
        "time": 0.0
      },
      {
        "name": "squiblytwo_bypass",
        "time": 0.0
      },
      {
        "name": "bypass_chromium_protection",
        "time": 0.0
      },
      {
        "name": "bypass_firewall",
        "time": 0.005
      },
      {
        "name": "checks_uac_status",
        "time": 0.002
      },
      {
        "name": "uac_bypass_cmstpcom",
        "time": 0.001
      },
      {
        "name": "uac_bypass_delegateexecute_sdclt",
        "time": 0.0
      },
      {
        "name": "uac_bypass_fodhelper",
        "time": 0.0
      },
      {
        "name": "cape_extracted_content",
        "time": 0.0
      },
      {
        "name": "carberp_mutex",
        "time": 0.0
      },
      {
        "name": "clears_logs",
        "time": 0.001
      },
      {
        "name": "cmdline_obfuscation",
        "time": 0.0
      },
      {
        "name": "cmdline_switches",
        "time": 0.0
      },
      {
        "name": "cmdline_terminate",
        "time": 0.0
      },
      {
        "name": "cmdline_forfiles_wildcard",
        "time": 0.0
      },
      {
        "name": "cmdline_http_link",
        "time": 0.0
      },
      {
        "name": "cmdline_long_string",
        "time": 0.0
      },
      {
        "name": "cmdline_reversed_http_link",
        "time": 0.0
      },
      {
        "name": "long_commandline",
        "time": 0.0
      },
      {
        "name": "powershell_renamed_commandline",
        "time": 0.0
      },
      {
        "name": "copies_self",
        "time": 0.0
      },
      {
        "name": "credwiz_credentialaccess",
        "time": 0.0
      },
      {
        "name": "enables_wdigest",
        "time": 0.0
      },
      {
        "name": "vaultcmd_credentialaccess",
        "time": 0.0
      },
      {
        "name": "file_credential_store_access",
        "time": 0.002
      },
      {
        "name": "file_credential_store_write",
        "time": 0.001
      },
      {
        "name": "kerberos_credential_access_via_rubeus",
        "time": 0.0
      },
      {
        "name": "registry_credential_dumping",
        "time": 0.0
      },
      {
        "name": "registry_credential_store_access",
        "time": 0.002
      },
      {
        "name": "registry_lsa_secrets_access",
        "time": 0.001
      },
      {
        "name": "comsvcs_credentialdump",
        "time": 0.0
      },
      {
        "name": "cryptomining_stratum_command",
        "time": 0.0
      },
      {
        "name": "cypherit_mutexes",
        "time": 0.0
      },
      {
        "name": "darkcomet_regkeys",
        "time": 0.004
      },
      {
        "name": "datop_loader",
        "time": 0.0
      },
      {
        "name": "deepfreeze_mutex",
        "time": 0.0
      },
      {
        "name": "deletes_executed_files",
        "time": 0.0
      },
      {
        "name": "disables_app_launch",
        "time": 0.0
      },
      {
        "name": "disables_auto_app_termination",
        "time": 0.0
      },
      {
        "name": "disables_appv_virtualization",
        "time": 0.0
      },
      {
        "name": "disables_backups",
        "time": 0.002
      },
      {
        "name": "disables_browser_warn",
        "time": 0.002
      },
      {
        "name": "disables_context_menus",
        "time": 0.0
      },
      {
        "name": "disables_cpl_disable",
        "time": 0.0
      },
      {
        "name": "disables_crashdumps",
        "time": 0.0
      },
      {
        "name": "disables_event_logging",
        "time": 0.0
      },
      {
        "name": "disables_folder_options",
        "time": 0.0
      },
      {
        "name": "disables_notificationcenter",
        "time": 0.0
      },
      {
        "name": "disables_power_options",
        "time": 0.002
      },
      {
        "name": "disables_restore_default_state",
        "time": 0.0
      },
      {
        "name": "disables_run_command",
        "time": 0.0
      },
      {
        "name": "disables_smartscreen",
        "time": 0.001
      },
      {
        "name": "disables_startmenu_search",
        "time": 0.001
      },
      {
        "name": "disables_system_restore",
        "time": 0.001
      },
      {
        "name": "disables_uac",
        "time": 0.0
      },
      {
        "name": "disables_wer",
        "time": 0.0
      },
      {
        "name": "disables_windows_defender",
        "time": 0.001
      },
      {
        "name": "disables_windows_defender_logging",
        "time": 0.001
      },
      {
        "name": "removes_windows_defender_contextmenu",
        "time": 0.001
      },
      {
        "name": "removes_windows_defender_updates",
        "time": 0.0
      },
      {
        "name": "windows_defender_powershell",
        "time": 0.0
      },
      {
        "name": "disables_windows_file_protection",
        "time": 0.0
      },
      {
        "name": "disables_windowsupdate",
        "time": 0.0
      },
      {
        "name": "disables_winfirewall",
        "time": 0.0
      },
      {
        "name": "discover_registry_mount_points",
        "time": 0.001
      },
      {
        "name": "adfind_domain_enumeration",
        "time": 0.0
      },
      {
        "name": "domain_enumeration_commands",
        "time": 0.0
      },
      {
        "name": "andromut_mutexes",
        "time": 0.0
      },
      {
        "name": "downloader_cabby",
        "time": 0.0
      },
      {
        "name": "phorpiex_mutexes",
        "time": 0.0
      },
      {
        "name": "protonbot_mutexes",
        "time": 0.0
      },
      {
        "name": "driver_filtermanager",
        "time": 0.001
      },
      {
        "name": "dropper",
        "time": 0.0
      },
      {
        "name": "dll_archive_execution",
        "time": 0.0
      },
      {
        "name": "lnk_archive_execution",
        "time": 0.0
      },
      {
        "name": "script_archive_execution",
        "time": 0.0
      },
      {
        "name": "excel4_macro_urls",
        "time": 0.0
      },
      {
        "name": "escalate_privilege_via_ntlm_relay",
        "time": 0.0
      },
      {
        "name": "spooler_access",
        "time": 0.0
      },
      {
        "name": "spooler_svc_start",
        "time": 0.0
      },
      {
        "name": "mapped_drives_uac",
        "time": 0.0
      },
      {
        "name": "hides_recycle_bin_icon",
        "time": 0.0
      },
      {
        "name": "apocalypse_stealer_file_behavior",
        "time": 0.001
      },
      {
        "name": "arkei_files",
        "time": 0.001
      },
      {
        "name": "azorult_mutexes",
        "time": 0.002
      },
      {
        "name": "infostealer_bitcoin",
        "time": 0.02
      },
      {
        "name": "cryptbot_files",
        "time": 0.001
      },
      {
        "name": "echelon_files",
        "time": 0.003
      },
      {
        "name": "infostealer_ftp",
        "time": 0.102
      },
      {
        "name": "infostealer_im",
        "time": 0.06
      },
      {
        "name": "infostealer_mail",
        "time": 0.024
      },
      {
        "name": "masslogger_files",
        "time": 0.0
      },
      {
        "name": "poullight_files",
        "time": 0.009
      },
      {
        "name": "purplewave_mutexes",
        "time": 0.0
      },
      {
        "name": "quilclipper_mutexes",
        "time": 0.0
      },
      {
        "name": "qulab_files",
        "time": 0.007
      },
      {
        "name": "qulab_mutexes",
        "time": 0.0
      },
      {
        "name": "asyncrat_mutex",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_ASPNet_Compiler",
        "time": 0.0
      },
      {
        "name": "Evade_Execute_Via_DeviceCredentialDeployment",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_Filter_Manager_Control",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_Intel_GFXDownloadWrapper",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_appvlp",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_pcalua",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_OpenSSH",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_pcalua",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_PesterPSModule",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_ScriptRunner",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_ttdinject",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_VisualStudioLiveShare",
        "time": 0.0
      },
      {
        "name": "Execute_Msiexec_Via_Explorer",
        "time": 0.0
      },
      {
        "name": "execute_remote_msi",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_powershell_via_runscripthelper",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_powershell_via_sqlps",
        "time": 0.0
      },
      {
        "name": "Indirect_Command_Execution_Via_ConsoleWindowHost",
        "time": 0.0
      },
      {
        "name": "Perform_Malicious_Activities_Via_Headless_Browser",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_CertOC",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_MSIEXEC",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_Odbcconf",
        "time": 0.0
      },
      {
        "name": "Scriptlet_Proxy_Execution_Via_Pubprn",
        "time": 0.0
      },
      {
        "name": "ie_martian_children",
        "time": 0.0
      },
      {
        "name": "office_martian_children",
        "time": 0.0
      },
      {
        "name": "mimics_icon",
        "time": 0.0
      },
      {
        "name": "masquerade_process_name",
        "time": 0.035
      },
      {
        "name": "mimikatz_modules",
        "time": 0.0
      },
      {
        "name": "ms_office_cmd_rce",
        "time": 0.0
      },
      {
        "name": "mount_copy_to_webdav_share",
        "time": 0.0
      },
      {
        "name": "potential_protocol_tunneling_via_legit_utilities",
        "time": 0.0
      },
      {
        "name": "potential_protocol_tunneling_via_qemu",
        "time": 0.0
      },
      {
        "name": "suspicious_execution_via_dotnet_remoting",
        "time": 0.0
      },
      {
        "name": "modify_certs",
        "time": 0.0
      },
      {
        "name": "dotnet_clr_usagelog_regkeys",
        "time": 0.0
      },
      {
        "name": "modify_hostfile",
        "time": 0.0
      },
      {
        "name": "modify_oem_information",
        "time": 0.001
      },
      {
        "name": "modify_security_center_warnings",
        "time": 0.001
      },
      {
        "name": "modify_uac_prompt",
        "time": 0.001
      },
      {
        "name": "network_dns_blockchain",
        "time": 0.001
      },
      {
        "name": "network_dns_opennic",
        "time": 0.002
      },
      {
        "name": "network_dns_paste_site",
        "time": 0.002
      },
      {
        "name": "network_dns_reverse_proxy",
        "time": 0.0
      },
      {
        "name": "network_dns_temp_file_storage",
        "time": 0.002
      },
      {
        "name": "network_dns_temp_urldns",
        "time": 0.0
      },
      {
        "name": "network_dns_url_shortener",
        "time": 0.019
      },
      {
        "name": "network_dns_doh_tls",
        "time": 0.001
      },
      {
        "name": "suspicious_tld",
        "time": 0.015
      },
      {
        "name": "network_tor_service",
        "time": 0.001
      },
      {
        "name": "office_code_page",
        "time": 0.0
      },
      {
        "name": "office_addinloading",
        "time": 0.0
      },
      {
        "name": "office_perfkey",
        "time": 0.0
      },
      {
        "name": "office_macro",
        "time": 0.0
      },
      {
        "name": "changes_trust_center_settings",
        "time": 0.0
      },
      {
        "name": "disables_vba_trust_access",
        "time": 0.0
      },
      {
        "name": "office_macro_autoexecution",
        "time": 0.0
      },
      {
        "name": "office_macro_ioc",
        "time": 0.0
      },
      {
        "name": "office_macro_malicious_prediction",
        "time": 0.0
      },
      {
        "name": "office_macro_suspicious",
        "time": 0.0
      },
      {
        "name": "rtf_aslr_bypass",
        "time": 0.0
      },
      {
        "name": "rtf_anomaly_characterset",
        "time": 0.0
      },
      {
        "name": "rtf_anomaly_version",
        "time": 0.0
      },
      {
        "name": "rtf_embedded_content",
        "time": 0.0
      },
      {
        "name": "rtf_embedded_office_file",
        "time": 0.0
      },
      {
        "name": "rtf_exploit_static",
        "time": 0.0
      },
      {
        "name": "office_security",
        "time": 0.0
      },
      {
        "name": "accesses_office_username",
        "time": 0.001
      },
      {
        "name": "office_anomalous_feature",
        "time": 0.0
      },
      {
        "name": "office_dde_command",
        "time": 0.0
      },
      {
        "name": "packer_armadillo_mutex",
        "time": 0.0
      },
      {
        "name": "packer_armadillo_regkey",
        "time": 0.001
      },
      {
        "name": "persistence_ads",
        "time": 0.0
      },
      {
        "name": "persistence_safeboot",
        "time": 0.0
      },
      {
        "name": "persistence_ifeo",
        "time": 0.0
      },
      {
        "name": "persistence_silent_process_exit",
        "time": 0.0
      },
      {
        "name": "persistence_rdp_registry",
        "time": 0.001
      },
      {
        "name": "persistence_rdp_shadowing",
        "time": 0.0
      },
      {
        "name": "persistence_service",
        "time": 0.0
      },
      {
        "name": "persistence_shim_database",
        "time": 0.001
      },
      {
        "name": "powerpool_mutexes",
        "time": 0.0
      },
      {
        "name": "powershell_scriptblock_logging",
        "time": 0.0
      },
      {
        "name": "powershell_command_suspicious",
        "time": 0.0
      },
      {
        "name": "powershell_history_save_mod",
        "time": 0.0
      },
      {
        "name": "powershell_renamed",
        "time": 0.0
      },
      {
        "name": "powershell_reversed",
        "time": 0.0
      },
      {
        "name": "powershell_variable_obfuscation",
        "time": 0.0
      },
      {
        "name": "prevents_safeboot",
        "time": 0.0
      },
      {
        "name": "cmdline_process_discovery",
        "time": 0.0
      },
      {
        "name": "cryptomix_mutexes",
        "time": 0.0
      },
      {
        "name": "dharma_mutexes",
        "time": 0.0
      },
      {
        "name": "ransomware_extensions_generic",
        "time": 0.001
      },
      {
        "name": "ransomware_extensions_known",
        "time": 0.018
      },
      {
        "name": "ransomware_files",
        "time": 0.038
      },
      {
        "name": "fonix_mutexes",
        "time": 0.0
      },
      {
        "name": "gandcrab_mutexes",
        "time": 0.0
      },
      {
        "name": "germanwiper_mutexes",
        "time": 0.0
      },
      {
        "name": "medusalocker_mutexes",
        "time": 0.0
      },
      {
        "name": "medusalocker_regkeys",
        "time": 0.002
      },
      {
        "name": "nemty_mutexes",
        "time": 0.0
      },
      {
        "name": "nemty_regkeys",
        "time": 0.001
      },
      {
        "name": "pysa_mutexes",
        "time": 0.0
      },
      {
        "name": "ransomware_radamant",
        "time": 0.001
      },
      {
        "name": "ransomware_recyclebin",
        "time": 0.0
      },
      {
        "name": "revil_mutexes",
        "time": 0.002
      },
      {
        "name": "ransomware_revil_regkey",
        "time": 0.0
      },
      {
        "name": "satan_mutexes",
        "time": 0.001
      },
      {
        "name": "snake_ransom_mutexes",
        "time": 0.0
      },
      {
        "name": "stop_ransom_mutexes",
        "time": 0.0
      },
      {
        "name": "stop_ransomware_cmd",
        "time": 0.0
      },
      {
        "name": "ransomware_stopdjvu",
        "time": 0.0
      },
      {
        "name": "rat_beebus_mutexes",
        "time": 0.0
      },
      {
        "name": "blacknet_mutexes",
        "time": 0.0
      },
      {
        "name": "blackrat_mutexes",
        "time": 0.0
      },
      {
        "name": "crat_mutexes",
        "time": 0.001
      },
      {
        "name": "dcrat_files",
        "time": 0.001
      },
      {
        "name": "dcrat_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_fynloski_mutexes",
        "time": 0.0
      },
      {
        "name": "limerat_mutexes",
        "time": 0.0
      },
      {
        "name": "limerat_regkeys",
        "time": 0.004
      },
      {
        "name": "lodarat_file_behavior",
        "time": 0.0
      },
      {
        "name": "modirat_behavior",
        "time": 0.002
      },
      {
        "name": "njrat_regkeys",
        "time": 0.0
      },
      {
        "name": "obliquerat_files",
        "time": 0.002
      },
      {
        "name": "obliquerat_mutexes",
        "time": 0.0
      },
      {
        "name": "parallax_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_pcclient",
        "time": 0.003
      },
      {
        "name": "rat_plugx_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_poisonivy_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_quasar_mutexes",
        "time": 0.0
      },
      {
        "name": "ratsnif_mutexes",
        "time": 0.0
      },
      {
        "name": "rat_spynet",
        "time": 0.001
      },
      {
        "name": "venomrat_mutexes",
        "time": 0.0
      },
      {
        "name": "warzonerat_files",
        "time": 0.002
      },
      {
        "name": "warzonerat_regkeys",
        "time": 0.003
      },
      {
        "name": "xpertrat_files",
        "time": 0.0
      },
      {
        "name": "xpertrat_mutexes",
        "time": 0.001
      },
      {
        "name": "rat_xtreme_mutexes",
        "time": 0.0
      },
      {
        "name": "reads_password_database",
        "time": 0.002
      },
      {
        "name": "recon_fingerprint",
        "time": 0.004
      },
      {
        "name": "remcos_files",
        "time": 0.001
      },
      {
        "name": "remcos_mutexes",
        "time": 0.0
      },
      {
        "name": "remcos_regkeys",
        "time": 0.003
      },
      {
        "name": "rdptcp_key",
        "time": 0.0
      },
      {
        "name": "uses_rdp_clip",
        "time": 0.0
      },
      {
        "name": "uses_remote_desktop_session",
        "time": 0.0
      },
      {
        "name": "removes_networking_icon",
        "time": 0.0
      },
      {
        "name": "removes_pinned_programs",
        "time": 0.001
      },
      {
        "name": "removes_security_maintenance_icon",
        "time": 0.0
      },
      {
        "name": "removes_startmenu_defaults",
        "time": 0.001
      },
      {
        "name": "removes_username_startmenu",
        "time": 0.0
      },
      {
        "name": "spicyhotpot_behavior",
        "time": 0.001
      },
      {
        "name": "sniffer_winpcap",
        "time": 0.004
      },
      {
        "name": "spreading_autoruninf",
        "time": 0.001
      },
      {
        "name": "stealth_hidden_extension",
        "time": 0.0
      },
      {
        "name": "stealth_hiddenreg",
        "time": 0.001
      },
      {
        "name": "stealth_hide_notifications",
        "time": 0.0
      },
      {
        "name": "stealth_webhistory",
        "time": 0.001
      },
      {
        "name": "sysinternals_psexec",
        "time": 0.0
      },
      {
        "name": "sysinternals_tools",
        "time": 0.0
      },
      {
        "name": "language_check_registry",
        "time": 0.003
      },
      {
        "name": "tampers_etw",
        "time": 0.001
      },
      {
        "name": "lsa_tampering",
        "time": 0.0
      },
      {
        "name": "tampers_powershell_logging",
        "time": 0.0
      },
      {
        "name": "targeted_flame",
        "time": 0.002
      },
      {
        "name": "territorial_disputes_sigs",
        "time": 0.093
      },
      {
        "name": "trickbot_mutex",
        "time": 0.0
      },
      {
        "name": "fleercivet_mutex",
        "time": 0.0
      },
      {
        "name": "lokibot_mutexes",
        "time": 0.001
      },
      {
        "name": "ursnif_behavior",
        "time": 0.002
      },
      {
        "name": "uses_adfind",
        "time": 0.0
      },
      {
        "name": "uses_ms_protocol",
        "time": 0.0
      },
      {
        "name": "neshta_mutexes",
        "time": 0.0
      },
      {
        "name": "renamer_mutexes",
        "time": 0.0
      },
      {
        "name": "owa_web_shell_files",
        "time": 0.0
      },
      {
        "name": "web_shell_files",
        "time": 0.0
      },
      {
        "name": "web_shell_processes",
        "time": 0.0
      },
      {
        "name": "dotnet_csc_build",
        "time": 0.0
      },
      {
        "name": "mavinject_lolbin",
        "time": 0.0
      },
      {
        "name": "multiple_explorer_instances",
        "time": 0.0
      },
      {
        "name": "script_tool_executed",
        "time": 0.0
      },
      {
        "name": "suspicious_certutil_use",
        "time": 0.0
      },
      {
        "name": "suspicious_command_tools",
        "time": 0.008
      },
      {
        "name": "suspicious_mpcmdrun_use",
        "time": 0.0
      },
      {
        "name": "suspicious_ping_use",
        "time": 0.0
      },
      {
        "name": "uses_powershell_copyitem",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities",
        "time": 0.009
      },
      {
        "name": "uses_windows_utilities_appcmd",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_csvde_ldifde",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_cipher",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_clickonce",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_curl",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_dsquery",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_esentutl",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_finger",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_mode",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_ntdsutil",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_nltest",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_setx",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_xcopy",
        "time": 0.0
      },
      {
        "name": "wmic_command_suspicious",
        "time": 0.0
      },
      {
        "name": "scrcons_wmi_script_consumer",
        "time": 0.0
      },
      {
        "name": "allaple_mutexes",
        "time": 0.001
      }
    ],
    "reporting": [
      {
        "name": "BinGraph",
        "time": 0.0
      }
    ]
  },
  "target": {
    "category": "file",
    "file": {
      "name": "sex1.exe",
      "path": "/opt/CAPEv2/storage/binaries/2c14151d8f546aed480a7eda9be556bd37831020a3ab6d40eb993c260c9ee26b",
      "guest_paths": "",
      "size": 207872,
      "crc32": "EE2F2CEA",
      "md5": "ec0381bf2a31d2ce2e4a00f809db6266",
      "sha1": "cbb5b6fc88aa57b1675a71a7e1d9eede95238315",
      "sha256": "2c14151d8f546aed480a7eda9be556bd37831020a3ab6d40eb993c260c9ee26b",
      "sha512": "f4d2af561ceabbb1793af9866d1efc6497886d6447b658e1ac37fbc650ba95a27a017b16574959388ca88354c9041ae781aa31caeaa5cc06b26b017d819b8614",
      "rh_hash": null,
      "ssdeep": "6144:sLV6Bta6dtJmakIM5PMBrwBJnaMC8xFev7y4QT1ta:sLV6BtpmkKMFIPHPe2Dta",
      "type": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows",
      "yara": [
        {
          "name": "DITEKSHEN_MALWARE_Win_Nanocore",
          "meta": {
            "description": "Detects NanoCore",
            "author": "ditekSHen",
            "id": "931b98f6-df2b-538b-bc49-ecbbd24334da",
            "date": "2020-11-06",
            "modified": "2024-11-01",
            "reference": "https://github.com/ditekshen/detection",
            "source_url": "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/malware.yar#L7654-L7681",
            "license_url": "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt",
            "logic_hash": "6336260e0af2b4b51338ee066f41b7c58aa134a6c03ca110db7e088edf2b65a7",
            "score": 75,
            "quality": 75,
            "tags": "FILE"
          },
          "strings": [
            "NanoCore Client",
            "NanoCore.ClientPlugin",
            "NanoCore.ClientPluginHost",
            "IClientApp",
            "IClientData",
            "IClientNetwork",
            "IClientAppHost",
            "IClientDataHost",
            "IClientLoggingHost",
            "IClientNetworkHost",
            "IClientUIHost",
            "IClientNameObjectCollection",
            "IClientReadOnlyNameObjectCollection",
            "ClientPlugin",
            "EndPoint",
            "IPAddress",
            "IPEndPoint",
            "get_ClientSettings",
            "get_Connected"
          ],
          "addresses": {
            "x1": 65285,
            "x2": 65869,
            "x3": 65933,
            "i1": 65858,
            "i2": 65891,
            "i3": 65903,
            "i4": 65918,
            "i5": 65959,
            "i6": 65975,
            "i7": 65994,
            "i8": 66013,
            "i9": 66027,
            "i10": 66055,
            "s1": 65878,
            "s2": 67146,
            "s3": 67155,
            "s4": 67165,
            "s6": 73875,
            "s7": 75319
          }
        },
        {
          "name": "Windows_Trojan_Nanocore_d8c4e3c5",
          "meta": {
            "author": "Elastic Security",
            "id": "d8c4e3c5-8bcc-43d2-9104-fa3774282da5",
            "fingerprint": "e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4",
            "creation_date": "2021-06-13",
            "last_modified": "2021-08-23",
            "threat_name": "Windows.Trojan.Nanocore",
            "reference_sample": "b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd",
            "severity": 100,
            "arch_context": "x86, arm64",
            "scan_context": "file, memory",
            "license": "Elastic License v2",
            "os": "windows"
          },
          "strings": [
            "NanoCore.ClientPluginHost",
            "NanoCore.ClientPlugin",
            "get_BuilderSettings",
            "ClientLoaderForm.resources",
            "PluginCommand",
            "IClientAppHost",
            "GetBlockHash",
            "AddHostEntry",
            "LogClientException",
            "PipeExists",
            "IClientLoggingHost"
          ],
          "addresses": {
            "a1": 65933,
            "a2": 65869,
            "b1": 73894,
            "b2": 65449,
            "b3": 71622,
            "b4": 65918,
            "b5": 108030,
            "b6": 75518,
            "b7": 91121,
            "b8": 75371,
            "b9": 65975
          }
        },
        {
          "name": "Nanocore",
          "meta": {
            "description": "detect Nanocore in memory",
            "author": "JPCERT/CC Incident Response Group",
            "rule_usage": "memory scan",
            "reference": "internal research"
          },
          "strings": [
            "NanoCore Client",
            "PluginCommand",
            "CommandType"
          ],
          "addresses": {
            "v1": 65285,
            "v2": 71622,
            "v3": 71598
          }
        },
        {
          "name": "Nanocore_RAT_Gen_2",
          "meta": {
            "description": "Detects the Nanocore RAT",
            "author": "Florian Roth",
            "score": 100,
            "reference": "https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/",
            "date": "2016-04-22",
            "hash1": "755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050"
          },
          "strings": [
            "NanoCore.ClientPluginHost",
            "IClientNetworkHost",
            "#=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe"
          ],
          "addresses": {
            "x1": 65933,
            "x2": 65994,
            "x3": 81149
          }
        },
        {
          "name": "NanoCore",
          "meta": {
            "author": " Kevin Breen <kevin@techanarchy.net>",
            "date": "2014/04",
            "ref": "http://malwareconfig.com/stats/NanoCore",
            "maltype": "Remote Access Trojan",
            "filetype": "exe"
          },
          "strings": [
            "NanoCore",
            "ClientPlugin",
            "ProjectData",
            "DESCrypto",
            "KeepAlive",
            "LogClientMessage",
            "get_Connected",
            "#=q"
          ],
          "addresses": {
            "a": 65933,
            "b": 65942,
            "c": 65659,
            "d": 68226,
            "e": 99406,
            "g": 91196,
            "i": 75319,
            "j": 108466
          }
        },
        {
          "name": "NETexecutableMicrosoft",
          "meta": {
            "author": "malware-lu"
          },
          "strings": [
            "{ 00 00 00 00 00 00 00 00 5F 43 6F 72 45 78 65 4D 61 69 6E 00 6D 73 63 6F 72 65 65 2E 64 6C 6C 00 00 00 00 00 FF 25 }"
          ],
          "addresses": {
            "a0": 117102
          }
        },
        {
          "name": "IsPE32",
          "meta": {},
          "strings": [],
          "addresses": {}
        },
        {
          "name": "IsNET_EXE",
          "meta": {},
          "strings": [],
          "addresses": {}
        },
        {
          "name": "IsWindowsGUI",
          "meta": {},
          "strings": [],
          "addresses": {}
        },
        {
          "name": "IsPacked",
          "meta": {
            "description": "Entropy Check"
          },
          "strings": [],
          "addresses": {}
        },
        {
          "name": "Microsoft_Visual_Studio_NET",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "a": 117138
          }
        },
        {
          "name": "Microsoft_Visual_C_v70_Basic_NET_additional",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "a": 117138
          }
        },
        {
          "name": "Microsoft_Visual_C_Basic_NET",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "b": 117138
          }
        },
        {
          "name": "Microsoft_Visual_Studio_NET_additional",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "a": 117138
          }
        },
        {
          "name": "Microsoft_Visual_C_v70_Basic_NET",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "b": 117138
          }
        },
        {
          "name": "NET_executable_",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "a": 117138
          }
        },
        {
          "name": "NET_executable",
          "meta": {},
          "strings": [
            "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
          ],
          "addresses": {
            "b": 117138
          }
        }
      ],
      "cape_yara": [
        {
          "name": "NanoCore",
          "meta": {
            "author": " Kevin Breen <kevin@techanarchy.net>",
            "ref": "http://malwareconfig.com/stats/NanoCore",
            "maltype": "Remote Access Trojan",
            "filetype": "exe",
            "cape_type": "NanoCore Payload"
          },
          "strings": [
            "NanoCore",
            "ClientPlugin",
            "ProjectData",
            "DESCrypto",
            "KeepAlive",
            "LogClientMessage",
            "get_Connected",
            "#=q"
          ],
          "addresses": {
            "a": 65933,
            "b": 65942,
            "c": 65659,
            "d": 68226,
            "e": 99406,
            "g": 91196,
            "i": 75319,
            "j": 108466
          }
        }
      ],
      "clamav": [],
      "tlsh": "T1D814C01577A94A2FD2DE82B961221143937CC2E399C3F7EE28D864B74F267E50A071D3",
      "sha3_384": "ec3dce417ea77de9d5ffe299d314856d9fe313aef6f2d0756bd3c1d5189229fa7ec47b248eca9b4b3e92aa5ea87b0095",
      "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
      "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
      "pe": {
        "guest_signers": {
          "aux_sha1": null,
          "aux_timestamp": null,
          "aux_valid": false,
          "aux_error": true,
          "aux_error_desc": "No signature found.",
          "aux_signers": []
        },
        "digital_signers": [],
        "imagebase": "0x00400000",
        "entrypoint": "0x0001e792",
        "ep_bytes": "ff250020400000000000000000000000",
        "peid_signatures": null,
        "reported_checksum": "0x00000000",
        "actual_checksum": "0x00032e66",
        "osversion": "4.0",
        "machine_type": "IMAGE_FILE_MACHINE_I386",
        "pdbpath": null,
        "imports": {
          "mscoree": {
            "dll": "mscoree.dll",
            "imports": [
              {
                "address": "0x402000",
                "name": "_CorExeMain"
              }
            ]
          }
        },
        "exported_dll_name": null,
        "exports": [],
        "dirents": [
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
            "virtual_address": "0x0001e738",
            "size": "0x00000057"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
            "virtual_address": "0x00022000",
            "size": "0x00015fa8"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
            "virtual_address": "0x00020000",
            "size": "0x0000000c"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_TLS",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IAT",
            "virtual_address": "0x00002000",
            "size": "0x00000008"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
            "virtual_address": "0x00002008",
            "size": "0x00000048"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          }
        ],
        "sections": [
          {
            "name": ".text",
            "raw_address": "0x00000200",
            "virtual_address": "0x00002000",
            "virtual_size": "0x0001c798",
            "size_of_data": "0x0001c800",
            "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x60000020",
            "entropy": "6.60"
          },
          {
            "name": ".reloc",
            "raw_address": "0x0001ca00",
            "virtual_address": "0x00020000",
            "virtual_size": "0x0000000c",
            "size_of_data": "0x00000200",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x42000040",
            "entropy": "0.10"
          },
          {
            "name": ".rsrc",
            "raw_address": "0x0001cc00",
            "virtual_address": "0x00022000",
            "virtual_size": "0x00015fa8",
            "size_of_data": "0x00016000",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x40000040",
            "entropy": "8.00"
          }
        ],
        "overlay": null,
        "resources": [
          {
            "name": "RT_RCDATA",
            "offset": "0x00022058",
            "size": "0x00015f50",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "8.00"
          }
        ],
        "versioninfo": [],
        "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
        "timestamp": "2015-02-22 00:49:37",
        "icon": null,
        "icon_hash": null,
        "icon_fuzzy": null,
        "icon_dhash": null,
        "imported_dll_count": 1
      },
      "data": null,
      "strings": [
        "|\"$V1",
        "#=qoTNlk$Wngv$bqPRyj4mJig==",
        "Environment",
        "#=qKraENZVscKMtH4GMIJjzqA==",
        "_Lambda$__2",
        "ReadInt16",
        "NtSetInformationProcess",
        "RebuildHostCache",
        "EndPoint",
        "Random",
        "#=qbwvWShVSL8DgrXXfPQ9kNmpf6pmcj6q57bPfcsBp938=",
        "WriteAllText",
        "AddressFamily",
        "#=qZ8pysPk74rQ5GX0s5CkOJQ==",
        "Int32",
        "#=qYpD2x2QTNARNJcnXxG0OjQ==",
        "#=qeMVJwq86lZc4hsNJNMQJVYiQqG94mfqhBGc9gH9UUgM=",
        "2}}bV",
        "#=qB4sApeDyjGxBivHLwR3FTJejGBlbih3hr3f3TS7BFbY=",
        "System.Text",
        "#=qmcl1D6lgUOLuKGFFyxMamg==",
        "FileCommand",
        "#=qN9Enun6Rlq30xNdBjhzY0A==",
        ":X<y]",
        "#=qJT4I5hOweIk$xYFEeDszbikglXCuquUd$v9AXtyq2ns=",
        "#=q4X5fhkJm5XS4LlpLIyB6bA==",
        ",sNo}",
        ">j|:\"",
        "add_Completed",
        "Uninstall",
        "#=qq_SehjaC_F9U66vu1NLqjA==",
        "#=qL6PdpQwMNSdyVKw3FgboNw==",
        "#=qPfVuk6552RtecCgHDnGSkA==",
        "iFl8H",
        "#=qkcVkJskuGA4o7kGuN79i1w==",
        "#=q$6NbEg0Hb4neXdXPgEgHJA==",
        "#=qd8WIZO8f6IRqdUmvxawj1w==",
        "#=qGxD085Z3RQaUY4iGwWH$xgEmRYVWDAN6hxNjaXokfVc=",
        "#=qyM$eq2QFDjIwNzxtrtw3WE5gHFsUOsREqnRunYWzTvs=",
        "ReadAllBytes",
        "FileStream",
        "MemberInfo",
        "get_Width",
        "#=qCJD3QzeNpOG7t7hUNPqgxgwPhMjv4aui2ikN049iz28=",
        "#=qzRcQ_b8FoTlpKT_BObsgBl2bj71wU5HcYdpIIgiTJ5c=",
        "#=q$njopRrPblqe$yrs$rsu5Q==",
        "SpecialFolder",
        "#=q5QHPwKvqpNRA$cKFBj8i9w==",
        "0*KfE[",
        "#=q$YUIMaEFO5IFZXBvo0kclw==",
        "DebuggerDisplayAttribute",
        "<Njgc",
        "#=q$yU7aYEYOl8Nz4sJLGQQ6w==",
        "#=qh42qYul4hj$aa5mluadvLA==",
        "rG~$5",
        "IClientLoggingHost",
        "System.Security.Principal",
        "UnhandledExceptionEventHandler",
        "#=qaWedjkiL7CWj9EfMXrEg6Q==",
        "Socket",
        "#=q6tJHosKuF0IY3gGxjaveNw==",
        "#=q$P4U7B6$qbq6QJ_QX8MfyNoxYRq3foNT$OZzr5yEqDQ=",
        "#=qK$702nkzQ4rQ0lJLQZ2zaw==",
        "#=qAfx0INrfgWoPN$Cz4VEZYVFcKNxFeYaixc4CaQpU$0g=",
        "#=q5C_es0qgtlVCNxzfPQ_idg==",
        "DeflateStream",
        "IClientApp",
        "8.0.0.0",
        "%d/RXj",
        "#=qnonybcfG2jzQ4kHK5lGw3g==",
        "#=qJtsKc7ccoU8jRrRMGJWqhA==",
        "#=qRvcNy1bY28C6xYdCX8MF7w==",
        "#=qFm7s8q151MPpLODhzLizPw==",
        "mscorlib",
        "#=qMMPHzLKw8_cOGV193acukw==",
        "NewGuid",
        "lw&y_",
        "Q@Xr_",
        "get_Buffer",
        "ToLower",
        "5/fKR\\",
        "#=qnB6QgyVNIUL$Uq0GD3p5d7LpaFZvHrB3jSqhv3o7qlE=",
        "#=qJZLeQthAfpiCw0QvZb7htA==",
        "#=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe",
        "#=qRxyF5FV01AHvUkR3BeX8OA==",
        "feffefefea",
        "TBXJD",
        "g/)p[",
        "Sleep",
        "#=q6jLYuOOmC$a9_UySsUlsFA==",
        "GetString",
        "#=qfkwtPDg_wfxGVFOXd$WnCA==",
        "#=qQR2R27CtTwLSuNC54_JY1g==",
        "_Lambda$__10",
        "!^X:L",
        "#=qFlz$$vhlrnZb7YOji0eF_QZBzkOajT0w3UoQbgnXVIA=",
        "Decimal",
        "Microsoft.VisualBasic.Devices",
        "#=qikBX_CmS$ZzVAuq$nQJBDwmLm5Gee1iPlPuvI188Ejo=",
        "#=q12n1704BGxiT9AoOoTNqog==",
        "Ae6=x",
        "Resize",
        "#=qtxvtUAtG5kwD1CbaXqZpxrHWaxR5CiRO2OiaCLfsbSk=",
        "#=qBpzegr6XzkmtwALf7kKPHV3RZVAWYLbYE79PiG2zXYs=",
        "#=qfsxP7vyadqL93mAkiQXr1tsUC0B$7Gp0ZNAPpjNxIG0=",
        "#=qN9oos_gePS4akhGX5rjcOjS2FNZJlTAkUnO0Ykgu7Rk=",
        "#=qQyvT61RAfdEUvn1jBvcx0Q==",
        "get_AddressList",
        "q6Z>]",
        "e?A?v",
        "EntryExists",
        "#=qoGHQsKlZ7jK$YeTeBpzDNYYM4Z1FIrOpXaDV$VTAdfM=",
        "Process",
        "#=qHamFicykpD9fQKnU2wtqJw==",
        "cV?Z|N'",
        "#=qWaMf_MISHPEu34of2Bm5$ay6Z6PuaGN7w1jlKYjzwdE=",
        "5s4*D",
        "n6X_V",
        "#=qlV3FbiF00r5Vrp5nqoncyxDHZMuHB7yuJa7xS77K3BQ=",
        "#=qvPYkN4Wli543LScsy6rh$bZ0bDIN0tYd5zlNUibOEKfBRc13v6NIDRtsxPOZzKpX",
        "#=qE8a8ikTp6zyXXyhNYzK8Wg==",
        "#=qScWgGHvDwJ0da_7qXoO28aGE1ea7zp5$XjEJLTXkuHQ=",
        "SocketException",
        "ResolveEventHandler",
        "*PuZI",
        "/U-WT}",
        "System",
        "#=qKxYY$jYG8_7mT_7R0n5jfw==",
        "#=q5s6lzZCgRNNe2Z9HZfa94HOHkpUfSnAwZsGo$hzh7hY=",
        "get_ExceptionObject",
        "ReceiveAsync",
        "#=qksh921Ur22JKhSIAXESSag==",
        "#=qwK7$pNtMfqKNZt8gGYd$pw==",
        "#=qEoM$dAPD9j9L1YOZU2B97iwm0vZOJe13LDB3GayWQEo=",
        "#=qZ79zrlLw6T9kJCHt$e306HkmYpQl8J1ugf3bmy8tycE=",
        "#=qKoyC_0Y6bPLCPvDcJr2y5A==",
        "set_Verb",
        "FromBinary",
        "#=qwSPuuWVW8tz$gDazhda2d$myXXX0Ro_wRP7Rmm8JiiT9wA1EeeaPUV2jnUkQOCHa",
        "J.eD$",
        "Rb:1>@",
        "6t|Oj",
        "#=qiIt1yNcUYn9ksB4loCZmUQ==",
        "s~F,r",
        "GetUnderlyingType",
        "-$& ,'",
        "48saj",
        "-p&~C",
        ",@&(\\",
        "#=qwdHHpd7UWv1_2lcOeunA18XKUsrG9D8S$xli$tkAMlI=",
        "#=qp7rlpRCprgGh7RCnHteaLw==",
        "#=qU1g6m1CiJ5yzLECox1hBrw==",
        "#=qkrqC_kLD0I$zOgfqD$aGaA==",
        "ToInteger",
        "#=qaCmGqb7phy5lq$DAzhK3vB71XCZSvhKm3BtGKq_xBto=",
        "Wsr!&",
        "CompilerGeneratedAttribute",
        "#=qXfm3QhQkyfcZgbFdAZgHHmadm7n1N0mfKcKBqrdfAk4=",
        "#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=",
        "#=qzB1OZ89gRpxcPckUn_afNY2d0beSpEyl40_4IarIxzM=",
        "pe&fz",
        "RijndaelManaged",
        "#=qgSHqO_KLHRARFg70SGn_Mw==",
        "0D2T)",
        "~(0(UV",
        "#=qDx8yS5wU6EQSawGC841xnw==",
        "SetValue",
        "#=qJe4Aop6J2k_bK0f$hS3ZOQ==",
        "LingerOption",
        "WindowsIdentity",
        "#=q4KMIX0AcXAdYuUiSKvyy9Q==",
        "DeleteValue",
        "#=qbOmsEb0zGpdZukI0D4Idug==",
        "#=q23tIFHA2cbwzlg6YDYhwLkXCJGgIhllZCGmc4pRC8rI=",
        "#=q1uJdtbJoEKhZjOld7SeHjw==",
        "#=q4N2IYJkFi2VWiCVDKVND$8gixU$DXUcX8F2LiLBxLHw=",
        "#=qzjMBSDJWeEdkUWCBxYatrQ==",
        "#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=",
        "#=qb$tFKVReqZMI9M678cKWGdlE1UJqJBfHAfOfQhXuW5c=",
        "v2.0.50727",
        "BlockCopy",
        "#Strings",
        "afeffeefeffe",
        "System.Collections.Generic",
        "#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=",
        "FzAV/k!",
        "#=q2dXdGRU_h62YVIUhgXBQJzEnralpXNvp017RQs19jjo=",
        "Replace",
        "#=q$XurN5kwCvUuDGDncP4myluEGVmoB5AfvTb_Ct0PT5c=",
        "<_bG;ZY",
        "s8=V<",
        "#=qWcYPgOJASLG6mRBDPhOIZERKO3Eig2IiEWCrUa$w_Mw=",
        "set_Item",
        "#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=",
        "c`iD>",
        "0vn50\\",
        "#=qTfMnD_jfiITiB95ES2nWdLlDTdGOSDVgXEnjKNGkWcM=",
        "#=qxb6WVOMh6wjcZFY_Q0MJOQ==",
        "EndOfStreamException",
        "ToBinary",
        "#=qUWYBucdXrqr2Ksc_3qKZcA==",
        "#=q97ilq24aAenhk$hG8MzEMQ==",
        "BuildingHostCache",
        "DirectoryInfo",
        "#=q8r1xTCj7grAlhMxU0cmrbA==",
        "value__",
        "#=qFv$qWif57TCUNsu_O3F3gA==",
        "rYs|e",
        "#=qSYke1CBEgOP5WhDQ2wCOhA==",
        "SuppressIldasmAttribute",
        "CommandType",
        "#=qTSoRMaNGYiiBNK9Yfq59T$2z3sNScYh9uxoeWlhnD_A=",
        "get_Hash",
        "UIntPtr",
        "#=qJY6uBmA7bjB3pfI3CAMZ7w==",
        "GetFrame",
        "G4pEt",
        "#=q8Lz$o21atQxw0qUwF07ufqfk8jjJrspNc$L9E2y_kjQA$2GQzuj5BmjDMXRcd0oL",
        "#=qkcPDXy2$GrSLn1ykhNxS$A==",
        "NE7WV",
        "#=qLJcloNvItceT7R54Ssv5HVCoj0j2JUUq_dQXQpFZZjM=",
        "#=qafzQcMCK0eVSctI0IcD2PA==",
        "#=q5W7RemVArrFCeEyFuvU4Hg==",
        "MoveNext",
        "UInt32",
        "#=qV4bSY95FY8CPz8U7EzzkRg==",
        "#=qUaHlQloQ1heHsricyshXiA==",
        "#=qYVgYkiAmhdTmisXUMVHYlJUHzcBdggj3Sn3nLI_MDJ4=",
        "#=qulZN_JfMbEqc2jFbEooALI6mh8tLy9$3NFedHEXAIAw=",
        "u~-U8",
        "=oRe%L6j",
        "Assembly",
        "#=qUbRtqAPcSxRMI51YgNXGZ9omJvV5BvuqBNocgi7xl6Q=",
        "sRvb\\",
        "#=qrIbbxniIme2qLTdRw6i0wDoZFMH5BWs03iMeSnjojQU=",
        "System.Reflection",
        "#=qAoRzrFi9HiHjyPL0ixkVXA==",
        "<EU|L",
        "#=q0QKFCbf0u_IpV5ISOWOl$Q==",
        "v\"HAzCG",
        "#=qr5qpvOPnLxLp6aGkfAM7wQ==",
        "WriteBlockData",
        "#=qIZP8IX60gSYF82kuZejmg8pOoXfEBczapTTwgrWM$fM=",
        "#=qrjPq4iPb$PLckcObsgRE1Q==",
        "DEcW{",
        "#=qH7CAcg5aycQv61Wo62XDpw==",
        "Z^OGV>.",
        "DebuggerStepThroughAttribute",
        "#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=",
        "#=qJrzYsTPKAwT$ubz_aq99mw==",
        "Cf{vp",
        "Int64",
        "#=qtBt$1AtaHrrce6fc6LOT3axuBNxZ$SQPty78qYGi1os=",
        "#=qfjs2lYYPRWKuXjeHrc8Rtg==",
        "\\CZM8",
        "#=qbUu2Y2P9FL2iRkWyb62gww==",
        "GetCustomAttributes",
        "#=qul8YRvQj1pWpo4_UxgOSzOBvtncEE$VPCzTeLK_rIz4EnXxineVkwF$lTxruKPxr",
        "IntPtr",
        "9beO0o",
        "#=q91nKS7P$i0qKCqvUAPW9EQ==",
        "#=qos7yzAcb5jR$ypc0Qk3OWQ==",
        "#=qw9FR63zXVj$omVnwg0u37A==",
        "ReadUInt64",
        "#=q$Rh_ulnlhN$9Zn9n4fKAsvWT9cisaHT_PgvcGANnd6o=",
        "&&*}#",
        "#=qiCTCgJQkyH_Kzq$FT43G4Q==",
        "#=qCeJ_QwVb__fbuEImkTXwSg==",
        "#=qURIxMOG0HImwEP4A6zEiPg==",
        "#=qxQTn_t1ZFKKNm77mQ5vH9cInicm2Cv9jGtv9vmIpksI=",
        "#=qQLqXliLS$ujl108DGV7$zv9jo8WyYr7oxBJvAgzllyk=",
        "0e%.d|",
        "GetExecutingAssembly",
        "#=qqIzVXHiNuUY4ZNiSxkqEGQ==",
        "GetTempFileName",
        "_Lambda$__5",
        "#=qEnv9WsExz6baZJKRUDupw9eEQbgJVjj69NjcsJ7hrBk=",
        "$5ce1dc0b-04ba-4048-aa8d-caa0354c0972",
        "Xy{K-",
        "#=q6pErmyx6x4$YkotXXEXGCt_ysi5JdNm1fpNgnUvZ9LE6EtA8E0TapqXrPnqyBO1x",
        "#=qr6ouJTA2RwDm_3Z$eUP6TCvbpSA$yAFGnut7D4kG2$I=",
        "#=qjM89gxwDLZ9izFxrYPCtcA==",
        "EditorBrowsableAttribute",
        "#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq",
        "Lw;(\"",
        "get_Offset",
        "#=qyxpfolLUhMvFTDE2h_syvQ==",
        "+C? 0H",
        "~&h9W",
        "#=qAp_zHqT7acjq$QNiBoq2EA==",
        "bBQZ`",
        "#=q0msvLo3fKjQ5ucIFxkdur24Cc0tFDGimgcqgtAeKZq8=",
        "#=q2nHH3haw3R0VWVw4qHOwKw==",
        "ConnectionStateChanged",
        "#=qRxKU0X3UfYwXoOTtDpEVW6z4XRgE1s4V5zOQsfCCSqM=",
        "RegistryKey",
        "F% 6[Me",
        "#=qwogjI4gN1imp1VeWLroXTk41PgYeLQ34zunh6NYu_3g=",
        "M`o}+",
        "MyTemplate",
        "#=qm5VvJvLZD$UcnjvypC5XcA==",
        "1i^I2p",
        "#=qtWaDSiZ3KDHpQtSfxDZV0w==",
        "#=qbpvfREN3OwaXBj6J3WBAim$AQyJ99fz1ef01qn6kVrs=",
        "D>)TY",
        "#=qTEC8gcgkt672qW159Oe_Iw==",
        "StartsWith",
        "Rectangle",
        "#=qwNkTTorgPauZQTT6jiqLIA==",
        "System.IO",
        "$>lPy",
        "get_ExecutablePath",
        "9g}MS",
        "#=q$c3lXLbhl3Qzil6Z9hYEopCTRdsG8WE_1ZuhF2KQELQ=",
        "#=qm_Podb$DJ6CfxMwMnaj6heXfc210URbSx7p$rJGFPmA=",
        "GetFiles",
        "#=qay$wDBdxvh$MBWrC9YMhC_f55kIvkv7I_BjPu_7Ajsw=",
        "#=q8NzetUGGc1cM4ZGyRGGlug$fKAOwmcPqe4nFzDGKLk0=",
        "ReadInt32",
        "Remove",
        "#=qTAs57ZkYafcLC2FZLCGAiQ==",
        "get_DeclaringType",
        "ExceptionData",
        "Format",
        "#=qvX$J24rI0eJ0gWfA6CEdzVJN7bQN_YTuS98N0yyMYPo=",
        "9RNWA",
        "#=qLKYxZZVHP8wT4ocBxnjPXg==",
        "#=qTLmFjOt1Rq5$fqQEFVZ2zg==",
        "#=q3S7bY847GmpPliI1m7tZaAVifJNdeHclZJyeY2JTxN8=",
        "ArgumentException",
        "#=qWQUgmvsTzj15wSjWQHZnng==",
        "&2+0\\",
        "HdXLH.",
        "AssemblyCompanyAttribute",
        "#=qfvzoVBS4j9KdxyngOlL_NauqVYLAaOZVw9dutKQSAp4=",
        "_Lambda$__4",
        "/!|Sq",
        "#=qO7YVPb8fjfyGw81pHcJjnw==",
        "GetPublicKeyToken",
        "#=q1A7nXYgjUuxh_0aV4fZMB87On7HuSdbeS8x$mfXfW2c=",
        "#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=",
        "CreateEncryptor",
        "#=q5OunwTi_tYTGCTkAtZ8rARxlhmXbFcAf_e1GiEt$FEA=",
        "#=qhWn12I_bGxHfrIrnto3QAA==",
        "IClientAppHost",
        "#=qWgd5i$rED0nEbfExDCteKBL09U6dKm2BW1AXqZVXCWk=",
        "#=qjlBNihUiUO2oBJbOEbdB4u8xmfTL9EQ3AEFa$nrdzJY=",
        "#=qoTGj8$mBoje$u1RSJ6obYA==",
        "t:0e)W",
        "ReadPacket",
        "-#&~7",
        "4+Ot=]",
        "CU fL",
        "Int16",
        "WaitCallback",
        "#=qlIUFl2SBYSRov3A1WGimWQ==",
        "#=qVEEdpD96A48uRzPJT7G_w60gIZo4tH1_e21GoRWPFm8=",
        "#=qChPTKc$8xcHrcle7anHYNe0wH_TweGkex2nGe9n8WDs=",
        "#=q8uMGC19QD5WGzpkzUOu0SQ==",
        ",@W<z]F",
        "Disconnect",
        "PluginCommand",
        "AssemblyTitleAttribute",
        "#=qXO4A8$YrN_OoPhFOn$Hhtg==",
        "Dictionary`2",
        "#=qLSPQZXlXixhGX8Gd10$ph8j0p3_XdW2xwrfqz3nO7MY=",
        "#=qDJlWEiuGwuVXAz8yc8z7OaMssRYN4hP9AHespNOmdYHus6_1XkNOC0rqgHeRZksg",
        "#=qhwyNa_lhtuoyuJK5j3BcF4xu5fY5XhFlgzkM1Cgy6IA=",
        "B.dIs",
        "Dispose",
        "B.rsrc",
        "TimerCallback",
        "#=qzRf5_jFnPo03SqY9Fq$uTg==",
        "Queue`1",
        "Shutdown",
        "#=qhiSO75CpxncaWptyc0vAMQ==",
        "#=qrPQtMswclvOlK1AxL1S4K8M$owLGUpQfjJA8CWW$fj1az7m8LFibY8IeMxHKi4wi",
        "ProcessWindowStyle",
        "&&*}b",
        "C{A/{",
        "#=qFZ8xm69Cd0C55Ip2ORf7Ng==",
        "1;sKPkj",
        "-b&(?",
        "#=quFACL_$e$cUEIexpzPXS7w==",
        "#=qedcCJsW_6aMZb5lO3tR01A==",
        "#=qraB64nHTnRXCE4d7ffs5aGExarxpEh0COAPaEFI5iV8=",
        "get_CurrentDirectory",
        "#=q5XjI6hZlPIrXq2h2btB_pVJgDh_o3RXkWrFCxLCG1E0=",
        "#=q_$JrmDHg2uq9s8cQVRi8Jw==",
        "ReadBytes",
        "#=qJqkjp9g96yoxpNS2E$BC00FKleto7dZfN9N5mtLDF4g=",
        "#=qszlIp3ITaFi0VCgRIaErNg==",
        "GetBinaryForm",
        "Yaa*&+",
        "get_Y",
        "#=q7rZvZ5LmWDFo52hBeGb87g==",
        "#=q3LvM$oW1poDdLKDT_N_s4w==",
        "ToCharArray",
        "RegCloseKey",
        "#=quOBOxPeAl_kjKKx$REI6dA==",
        "#=q_NLac$XJ5lIxZMpXsr_nBw==",
        "#=qOplsUBML8x2xteEBilOycw==",
        "#=q8Bp27fhtrXMmonNxf$9qLbuQQehIBQTdOPDQw07FUyI=",
        "#=qFMsFc_zvkhu_B2YTPJt9Yux7Vq8aZNOr3FA$mEdAzCc=",
        "#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct",
        "get_InnerException",
        "#=qgCcrNFC0iLB8hKTy5iNnsw==",
        "L3&UNmY^!^",
        "/;ol]",
        "Marshal",
        "#=q3cm0QwDyNYr2y$xvkCk9bGbohRfuMuxkahGwLy466GA=",
        "#=qyzEuYsQ6u9hwZeR0HeWqvA==",
        "#=qf3c4WtE$$thN5QyBMvo3u0lth2VF5hmfUsIv1r8yRkg=",
        "#=qcDgE7pmQv6niirKxFRMj7Q==",
        "SetKernelObjectSecurity",
        "jsND)F",
        "WindowsBuiltInRole",
        "#=q4d$NdpGCMcL3TaMlT9EW69FacIvNnqDPMFNisgGhmsY=",
        "GetKernelObjectSecurity",
        "|*mnk2B",
        "ValidateBlock",
        "C{]_o",
        "#=qRbDxNN_CBpjdn11hjtWoZg==",
        "#=qe9p_PgOCiouYWahOSDKth00dr9CdsTb1R3DYgCeLUBw=",
        "#=qsYpthruwyrknxFdWaNp9Vw==",
        "CreateDecryptor",
        "^s,}W",
        "Conversions",
        "ReadDouble",
        "#=qdzx0nDkNduYsJ$MOZBFb6jelzyvbyiG7So1vqpZnVLU=",
        "%XfzR(Z",
        "-'&~C",
        "#=qCN8q7dxuBuds3rgIjZ1oLA==",
        "#=qBcRYABJptno3$fpXoMXAvg==",
        "#=qArVl3RpI3eEiVf0qXoqrWw==",
        "#=qk77uxMCXAcR_2KMKgZiSng==",
        "xUB.i",
        "#=qd7oUKLFPI9nt8Ln7RU53xA==",
        "CheckForSyncLockOnValueType",
        "#=qCKX0qzAtjLAL9KBPrJWkOA==",
        "#=qXzNbY0aXEU2Rr2_Jbe87og==",
        "ThreadExceptionEventArgs",
        "get_InvokeRequired",
        "#=qu1CivWngdicjZHEJYKM3dA==",
        "#=qqLLpPwpASXA1wqOuY2RNlU8CTc57bQGBfHWaLDgrCKM=",
        "AssemblyFileVersionAttribute",
        "System.Threading",
        "set_CreateNoWindow",
        "#=q9rN$wEdl9rzJbAMMIiemCg==",
        "!e~uh",
        "#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK",
        "GetBlockHash",
        "#=qdy_NHDvN7XTcQtWWMYxYKbuJqtXHsYJXM_YUEvVR0bc=",
        "#=qyZOtLxFf9zA2x1ff4_5cOg==",
        "Write",
        "#=qxUvHfLZKZiUmPXUqPV8Vcw==",
        "#=qsAejPkl5V6B3npq6homyUA==",
        "Microsoft.VisualBasic",
        "AppDomain",
        "#=q$bBbU_xpGfMMkAvp45SBRg==",
        "#=qZiHVbt3FXowK6_NIyOxsOw==",
        "#=qsA8D04owIGYHILF6yPa43A==",
        "#=qtT$P2Bo4VHFu60OU4VLf1H20c7M2DlURuyfb_XJDYaM=",
        "#=qstAyOBsDsJqFRKDvXIn01A==",
        "#=qWljP9Wu9miiHAG26c_L7NQ==",
        "\\8SYH",
        "#=qGqLDylJy8NmMEbMDJmKtoQ==",
        "#=qvLrEXVjSw17e3P6GFPALhrZXcKcfxuk0NupQhKFf0VM=",
        "#=qFlM8LWSzwV9qMKMd32mVdQ==",
        "QueryDosDevice",
        "AppendLine",
        "#=qkWUjAoA_6r2E7qo6NAGuIBq3iKikqBJbioTC25CcZQY=",
        "#=q2wxuRKC7TyzyevfrmeuJ$w==",
        "#=qZFVU$VkNPSWYii2AVQe6c6mwAUd10Tgqkl1$K5gZz9Y=",
        ".]7=2_la$U<",
        "#=q63A3zH9hQ$3c53x2wqU0Qg==",
        "#=qEqBb19ZxrWpMC8pwAc1v$Q==",
        "Hashtable",
        "#=qFYv4oSsEFno3Ujev9_o4Hg==",
        "#=q6Xi08r0$lOOnXtoBHhfMuQ==",
        "#=qfOXLv$ej4ffVoa9QN8Vke8O9DCKhSHEsi_sqFk8Qf0o=",
        "get_Day",
        "AceFlags",
        "MessageBox",
        "BS<R>",
        "ToUpper",
        "49#m`.",
        "#=qVXB_y3eN_sp1$Md9UoJeYQ==",
        "v,=E.j",
        "System.Drawing",
        "#=q6uR3lWd6_aD2reKUDlx$OA==",
        "#=qEIPcndOLrV2GJmno7zKtBA==",
        "Details",
        "x!3GE-",
        "{G!0'",
        "ExceptionHash",
        "#=q8T1neNU8Flp1WaNsBKnRHQ==",
        "#=qfPf03rjJVGFkLtYSr7zDRw==",
        "#=qUUt$Zm9DEy7746wMpw0nOgKcClljRPRKWyhQ21GyaOQ=",
        "#=q2X26s_rFZ25AY$hOcf_6zA==",
        "StringComparison",
        "#=q9heLrZy3cpWSk7do8VVthg==",
        "#=q8McCIarwH$XScVz0xkTmJw==",
        "Combine",
        "#=qBhG6LJNfmJspOR5A5YrkZB3a_dWOpJYSj4Mo9vfL8qo=",
        "Create__Instance__",
        "-'&oN",
        "#=qDOdV5duF980CDFSFl8oQpw==",
        "ReadString",
        "Client",
        "Object",
        "#=qe5qrWacQXGv9g0P5D_mRuQ==",
        "#=qluYNp43cwlAh9yLdLZolDw==",
        "#=q6Aboe3ONIkez7GgqcdWPi0_vrT_i53_89HUeagGM6MThXvFkvl8hpSeHO1UJawKN",
        "Tk~rs",
        "get_Message",
        "fefefeffea",
        "ha|H=+'",
        "#=qe0mY$R_rBsPIZZv3hPLS4g==",
        ".4Ccq",
        "PD/wj",
        "-O&~r",
        "}qh3`",
        "+^Tw.",
        "#=qKYm_FHWoJ42y$VrakLgWfw==",
        "FindResourceEx",
        "Concat",
        "SocketError",
        "get_Unicode",
        "#=q2gthvB62n07fYVTx5fwIqxBAo1t_hs$il9Ac$4FY_Gw=",
        "GetInterfaces",
        "ah@GI",
        "#=qYMGXxffne_DlG2tyCliUw119RPUt2rJt6SWle_TPkBA=",
        "#=qCgskv3QU4cEy8M7hqvNNBbFyow$DvbmSQrN8A5JJJWs=",
        "#=qgB3pFGrOVxm7f$sXZD67nQ==",
        "#=qQRAhbbFlVBfqrgso8zehPg==",
        "#=q3_xjz98EYRXgLslROl8imQ==",
        "#=qmuy0ee0GJl13ksvWRbOSbofOCTPf0dv0HYdjJq9H_Es=",
        "=DLV(",
        "OperatingSystem",
        "#=qnY1InNbQmfgiJXdGVH6rvQ==",
        "#=qYI$MiBdzcplbf7GqrUf7Ig==",
        "&DL9/M",
        "fefefeffe(",
        "#=qyEH54IW$f9fUJb7FOR8r3vj6e$onLGrpm2VGycjbl9TZJEqkwtA4y4bL9ExOWpiA",
        "#=qMWVV4JCreo65oWvwYJqZWobqlgJkr$K2AUIqF$weF5s=",
        "MethodBase",
        "#=qw39MYiiaN1XJbqsDq$LgQw==",
        "f!~>~j",
        "-\\&~]",
        "#=qg9gWuHgvaa6cHg9wj9NSQQ==",
        "#=qr9m9EjuYAP$2E3p2xadfFhcTH6toAhrm0dlfOTldiWRsdXd8UmnkRkYrV_8$1gaA",
        "#Blob",
        "4{'Wg",
        "#=qzTUdhpx_l8oNrXik8Q6a51kZkIp$waiEMbjMOU1bFOc=",
        "#=qABSlSWKh$8sT$UF4sG_vQMmKqh5lDRXHlL1yCp0W8x0=",
        "#=qw2XWrJCQCyTO0Iwdbz8TWw==",
        "AddRange",
        "#=qQ3JMSE9km3mGmL6lmUfRHw==",
        "#=qEQtWieYw8BPdEE4hbsjTLrq$BwGjJOBoaDYJmV9xVgE=",
        "\\M/e(",
        "#=qtIl3MhjXHsnCHvTVFi9hFg==",
        "#=qfozjXlIKX6LyHHXB6wCG9g==",
        "#=qjIje6jGWLd2EOkfZXKqBbg==",
        "AddHostEntry",
        "&&*}X",
        "#=qKdZKgyAqL_iP0GUSJkXePw==",
        "ffeefeffeefhah",
        "LoadResource",
        "get_IsDisposed",
        "#=qeKiN0Pwa0MwkK0uB$Ook97TrMQC$LNj1jgF6xTuSA2g=",
        "!d{t,bk",
        "add_UnhandledException",
        "#=q637XAKKKpMW09u9r97v4lg==",
        "#=qwGMLoIBYlotM6E$y2KTAuQ==",
        "=!#0jR",
        "#=qeeDSInMnFASKK3QXGIKUxuxDb8FgGi0XLXRlZ2oJdWM=",
        "PzHP/SB",
        "WellKnownSidType",
        "get_Port",
        "GetMethod",
        ";!5mi",
        "#=qehEpCuPIxZRbHczlt$dAWi4yWi9o1_noSvuo$Wzvtyo=",
        "#=q0REOJwjO1qsE01G_RQE1TQ==",
        "EndInvoke",
        "#=qPNzwB3EyeKwH$TwKjEdAjAC6A3IlGhANCdkUFCgvEiw=",
        "#=qpXfSNxR7J3tqOHyqT6s_Aw==",
        "{!rE[",
        "#=qNz_Hz8DMWPqA8pVcg8d0UVymwvCurvyYgdZaMK3OhQE=",
        "#=q0PMcXQJxcLLr1sYO0fpyhPjUwjQtInL_vJPQSgCsfio=",
        "!<zuJ",
        "#=qO$LkcjIVULy0PGjvpOiiEw==",
        "#=qyc0YQPNqWwZHkgNDV8lyIQfgMkEbGZtyDsLzhYmFp8w=",
        "#=qhFV5jkshUI$uRxypI6oecQ==",
        "#=q0pfW5T3uO1I6LyXSPFW7Qw==",
        "#=qQ_BBkbckkXGbXV1nE4Sw4w==",
        "#=qYiXVlu3YVR5erIxfIIBHo1Gv4y4z4vrtnS$$9CALbVE=",
        "#=qhq3FXVXLOItNPwDlpFnTKHk3JkInaJiiSE3uR3jtGH8=",
        "#=q1AWpt7Zq4Tx0wGx4hVFZRg==",
        "#=qhg8oaKg1xx$HC$DKnlbXQpibwH2HXqMGSlGv30vEUsU=",
        "#=q66hvvPDVbMv$MYStXtnb6Q==",
        "_CorExeMain",
        "get_ParameterType",
        "#=q__Bys7JTXmAiG9F9QC$wjw==",
        "get_Position",
        "'k>}T",
        "#=q51SFR_Fbl10nUMKjGTtHqA==",
        "#=q3TG8MLoZf1Y44PREVW$6m76IGmuYE_BOhC_OTjkQJFtYWwRtSeFqevP9hiteuLfz",
        "#=qmbdg4P9$2ouafwS8nEs4lA==",
        "#=qudwGeEjJDUB9pt$_k0YOgc30ZWMo1bIGmdknk40OWog=",
        "fefeffefefea",
        "#=qH8FTQLBlM6o0t6zf8SLPUg==",
        "N1-M0",
        "CreateDirectory",
        "#=q8SIEDcn4WoT9RcZmFK9tzQ==",
        "#=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA=",
        "#=q1jj2Lo3UBKUZkdI2bLcg4QlXuNGNWZ$CYnK9VTZNEsA=",
        "#=q8nWzev5go3NKhN5Gk9NzTmM91eKwrK00n3U6GWmH8Kc=",
        "#=qjYgYU6Lnx_W1ikVtBmjm3w==",
        "&&*}&",
        "RuntimeHelpers",
        "LocalMachine",
        "7;TB S",
        "IClientReadOnlyNameObjectCollection",
        "StreamWriter",
        "#=qGqugi8s64S3wxXEod1SSyA==",
        "WaitForExit",
        "#=qV9UIxiLyaOi7XoTx2DUJwr8Ior26OirSZwM3mOvftrw=",
        "#=quO7UmvJ4RBuIIChSn0jx_M$HL4rBuRuRZnNBEMlpsJw=",
        "#=qxWNhTH3aUmlSLTvydVoCIQ==",
        "Boolean",
        "#=q4P_5NYDHZX9MPbDZuNFOAbRpAmJ2c_TFz8M5ulhIFApTRNfzn3_E1__1$MVw8$WV",
        "get_Major",
        "e9j,2",
        "#=qa9HOmSrK7mjt1ZxVRncCgFoJUA6N3DmB1Rc$YUfcSKM=",
        "#=qN1bIi$08taNozgdgDWdXVA==",
        "t/[C#XKs",
        "#=qAM4ZJ3aDwBm_a3IkqHxLmjdKzHIQbFeE9thLHux2o6g=",
        "HostData",
        "ControlFlags",
        "#=qdZqWoaYN68rlMOX4HkTLdA==",
        "#=qru2ORBLxmt_CUDya_FEQGA==",
        "AssemblyDescriptionAttribute",
        "#=qxWp4ETQRrgcfPChnmxhivyMmb5p6MuyluC9Tc_Mhkec=",
        "fefefeffeXa",
        "#=qVQoZlgR59_v4NYIa4CBPQw==",
        "xI\"MVk",
        "$F0@_",
        "m1hxT",
        "#=qVHGoZQC06Wdz1fJDKkoeiKu9aci51znqNtMz8dGZQMQ=",
        "PN_&7w",
        "get_LastOperation",
        "%i]xD",
        "lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet",
        "-(&s8",
        "ReadByte",
        "#=q1tLM5Gk001IDETj3RhJ2ESaIo2XgaV2vMWhqISqSHy8=",
        "#3uzz",
        "#=qRxR4aJg8TX8oM$OpeoviZQ==",
        "#=q2V8VN1ZqnXOBhkZZr6w3VA==",
        "ReadSingle",
        "rv/1D",
        "#=qOxeV7mwtJT4AH3HtBqNUXw==",
        "set_IV",
        "#=qzx697Szk1moqO$yUynaioQ==",
        "#=q2XZFEYqbf67s$PRf9Xyx7Q==",
        "#=q1abXKhVCyzVldE9ra9z81A==",
        "#=qgHxgiBgB0FhzEGOOs2Dqnfh3XnJ7nEmajCNqRqFR3Fg=",
        "ValidateSource",
        "BSn][g",
        " c,g`",
        "#=qA1_qolTI9aVdwnEde3ubqM6zKBigTZiyb5_iHpeZQDI=",
        "#=q3fzZpU7POi9yYKua762KimE0tXDV2VRrjyJcPuwXgTs=",
        "#=qxp6ct4JGLaMDbwg6fkrIEw==",
        "#=qCA$7lFkUlfYTBh0Hp6uY4w==",
        "op_Equality",
        "ClientLoaderForm.resources",
        "-!& 4'",
        "#=qRLk0VFphuSTh16H1MGZUv_HwKU6b1$OQZ0l10zUjPKU=",
        "#=qbbSw65PC$nto6DJiWxTawg==",
        "MyGroupCollectionAttribute",
        "#=qA5pFz5LZPgfUa5zon4beRA==",
        "ParamArrayAttribute",
        "<generated method>)",
        "'ZI&m",
        "get_UTF8",
        "ToString",
        "#=q1t2nN1p2nWkytA1wjQ32JyClWcTGIZMOEV9XOIYf1xQ=",
        "GetHostEntry",
        "`.reloc",
        "#=qoKFLFqm7bb3VWsU2QKXIQ4_6anGbTCWiZAfrNlgq8fc=",
        "+.Pb/",
        "OU)=\"",
        "#=qLYpbsprg$ymVLeNEwEpYlA==",
        "#=qG2DPieaEKCS$j6T6yTf$qg==",
        "&&*}(",
        "&&*}e",
        "#=qSyCMza09ItB79lrZlFBuQQ==",
        "#=q$mqGRbJ2J2TNgadoLHYnIQ==",
        "-m,Ol",
        "LM|s6&",
        "#=q9tI5WfBIFIPW_84mZnHV05cJ9fSyOCl9wA8lwPxs3PQ=",
        "NfefeffeefY",
        "WriteAllBytes",
        "#=q$XxqrIH7dyYqacMzR_CjGA5JAR0vUKiq1f0DFqS1mcI=",
        "add_FormClosing",
        "#=q0g2hVR4CYkiIvLHeQL6tUkW2KQhRibG1DIo1pReSOj8=",
        "ParameterInfo",
        "#=qWbDVCvJRlY$nWsVAToK13K8LD9gZFcJQAtBUvjDEcyo=",
        "SByte",
        "#=qQ9gevS7b4oTsdxtV36c3$A==",
        "#=qrWKlHKCxTKueolOR4ohc7D_cBhjLv1zNIcftgcigaGU=",
        "0aQ^C",
        "_g0,g",
        "#=qKxL6kQaUyB_6jIG3mQUGOw==",
        "ReadChar",
        "Start",
        "#=qEbf5uxiH92v$7mL0TnmsnA==",
        "haE4k",
        "#=qvJ_V3lJRnVEW6EI74n63zg==",
        "#=qFxElXT3T_$sB_0gpbmQGIA==",
        "#=q7wsNZ$btlm7uRzkYXMkJl8JrBCKSYJt4if2WiKQrObs=",
        "#=qYGU8a5KOsYzqpvljkWGWKuQS9mZuJYQa$8g5J6c9rho=",
        "#=qxRbSDXwo6eARhpCjqJa2Fg==",
        "#=qEn9Mtg$AIqWbq3whj1y5N12e3KXi_NwIIcl2i$FXNSk=",
        "$_di;",
        "SocketAsyncEventArgs",
        "ConnectionFailed",
        "get_Exception",
        "System.Net.Sockets",
        "#=qOn6YhA2JjwnYZ_7D0fnnEw==",
        "8uk-|",
        "#=qu0EIqDRT_HlTe4PqaMKdozL1lQ0SgTtqFucuF2vFq50=",
        "b|g+-",
        "~utVN",
        "#=qI5Vms5JVXaVkwalJFV3L6w==",
        "evb3+sG",
        "SetLength",
        "#=qAySeqCaPs9tWWTa_P8M4Zg==",
        "-l&~s",
        "#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs=",
        "#=qtcncUaS1HcVKUD5AEGHBokWqEL$GDDjoAu8asy_oLis=",
        "ffefeeffe",
        "ffefeefeffe",
        "#=qEDU5bqS$T9T0k2xHaznuPTNI8j4z6II52ItUe0wjyZ4=",
        "#=qXCoQdguduOewiATPKLDvyekx3X3r68VNkZOPBX9O5lY=",
        "#=qvJN63xerlaB42Q0XUG621g==",
        "Decrement",
        "PluginUninstalling",
        "#=qwnMPoJqYBxCKR$s5x3I3EQ==",
        "#=q$sTc1AZMnHRC7q_PL2hWs4JIEJoo88_IAFcWtrdNt$4=",
        "feffefefeY",
        "#=q00kXQ$0a$SV9DIgRtf4NWQ==",
        "SocketType",
        "#=qdw5QBoXX8FR0LrkjhWN3qw==",
        "ReadUInt32",
        "#=q1ZcUbkVKv7wahbk_Am8y6A==",
        "1)!1_",
        "_/o{U(A{",
        "#=qJ2Bo_iSk1Tt7sQHk7C2ESQ==",
        "System.Windows.Forms",
        "7I)qt",
        "GY!>yw",
        "#=q0zLeEY98tybLc8FS6iVEWjGp4MNZxETphcH7ohzBXuY=",
        "#=q7O26Wc9N845khaV1IlgZGg==",
        "#=q7Tql80HUgCLaL3e0n4j7ew==",
        "#=qCSC3Khfzx9$ef45TjPThpcJgh1Y2yjEovdFzCbywzqU=",
        "#=qiGEsYAsOSz$jy0hyBv5MGPdLIlePpwWMgCE_Abe_mLY=",
        "#=qHU4s4cJ8BUWy$MQH9LPGxTniDgLcWFlt1CmhZ7PNRWA=",
        "#=qoKX_5NDx$uDAqG3r2Qdnaw==",
        "-?&~]",
        "IClientDataHost",
        "get_BuilderSettings",
        "_Lambda$__3",
        "He?J^",
        "Single",
        "#=qXjNBjXFhVcOvrRAG8alfq96_gJ4jOa0wwNOaztY3QjLWnMT6wXGDzBnHuUkef5N0",
        "STAThreadAttribute",
        "RegOpenKeyEx",
        "VDw){",
        "#=qX52fPnzDspvxDLERxqgnmVyN3O6kmNVEBrlqQ9OVPeE=",
        "#=qsqmAgLqQh_pOiJq5Mcf5Ii66zl6iLnAX8VtqTy$uxhY=",
        "get_Name",
        "#=q6oykuAaezoPWCQHwIFBGYQJoT_doGKMmOjpzn6ZJomA=",
        "#=qORcQ89THKgijJ1sWRyjf4hLd1g4H_sosI9t_gkVfZ7g=",
        "#=qZHoyzaJ9rjmsFI5qWuYXUQ==",
        "GetResourceString",
        "EditorBrowsableState",
        "B8i\"~",
        "#=qRUXz_3fP21juNHWjDYL16Q==",
        "#=qcyp860KJctHXULF8nCr1oMRR0y2kU8XZrQHqsInbsAM=",
        "InsertAce",
        "#=q9rPQSTp$UBZiTGc7mKlh7h1QvRgfs0p_mQAaIRjRIsQ=",
        "System.CodeDom.Compiler",
        "#=qNQZrJgmZwpZh_4yrtaf9Gg==",
        "get_ClientSettings",
        "DeleteFile",
        "&'E,]",
        "Double",
        "GetCurrentProcess",
        "#=qU0vjurWIhbfq4$RoGXKKVfTj5MJBenZeu2wAtoCJAJY=",
        "#=qYGqPwTlQx5HSyCMpKnJtwO$bA4uyJcKD$pA6WpBamRM=",
        "#=q9M64o5ghSlB001vxhTt2kVIQeNtcHtzTvRgoYr2$PVs=",
        "|5rpe7",
        "#=q$JqWZLd6UPV3jmsDHksd2EmkHWISQtPlvGx8vZ7hHXE=",
        "#=qClMnNCTDhIIGUYHmdm$xCQ==",
        "Clear",
        "GenericSecurityDescriptor",
        "U!+sTj",
        "#=qikOQWBxvreUKIkKm4o4DoA==",
        "'6KfR7O",
        "#=qI2pAr92bRdzddapVaPVhbQ==",
        "#=qHy8pXlBCL$mvAXWQDJUnVpxgTTYNWuQ4Z7NdFPUhcZs=",
        "#=qEKdoqcCD2XVb2atXAIOmL$Gnnk$r2oNLDVsEymHbxMo=",
        "#=qU_ZXXWlv_8PtJY9coDWiH8$dVbE9S$EoqFVRvxhPtE8=",
        "#=qOgcjmweVxeuvMU4cvcFOmg==",
        "#=q0qLVKF4NbQlcaunYsixITQ==",
        "ComVisibleAttribute",
        "#=qWCa2pDyuMnzTMLUOIIx_zqZ1n0nAbCh3XpyakFsKTbQ=",
        "IPHostEntry",
        "32EJC6u;IYz9",
        "^RH\"-&",
        "#=qFaxhQMbuEyPeOadTfKIzX7ulwKfSulnteVvHU$QDlcs=",
        "b`h*&+",
        "#=qS8syUoAGHVUW8$eQd6_3_g==",
        "-kL?R",
        "set_WindowState",
        "S$'U|",
        "#=qfXdNdmKHZO9pILMTQ4gUIFhfl9KPJm2rU8y_LQsTH4c=",
        "#=q7EIL8N8VWglyI984D7TGpzIPvdOcvYIRRwfMeKNyDDs=",
        "#=qgPQkZ3GBDc371jzhubcNPqmxfqhr7b78DNmenmuxGa8=",
        "#=q85afbI_HcqBFOZnC0iAqsNghLb3LsuyjFtpLEYYoPX8=",
        "ConnectDone",
        "#=qfpNcQ8IYoPRIQgVc_nBfXzVjxVN2nY_mFz$PcDXaKKw=",
        "#=qnk9x1Gmlq5UZ_X95yAl14A==",
        "#=qrpluguOr5I7WIqr51cA8ZQ==",
        "#=qeWvkoUO61qxfYbQKV$cOPQ==",
        "SetBuffer",
        "get_Height",
        "ClearProjectError",
        "#=qCSH0DtnYKogitTpLw_M85GR1jr6BVuF$16hm8cfUYWw=",
        "KseXr",
        "^YkG#C",
        "-&&~r",
        "ptQY1D",
        "OpenProcess",
        "48zmp",
        "uP}b7",
        "#=qKqE6jaRKu5jJvHl8RwywXQDv4h_f2ISEaHK__Drdd$M=",
        "#=qR_QBxpRX$xZ1vjqVv0afDQ==",
        "ZRvcv",
        "#=qYuHUjnyRYHZqCkKAt0jj_9qFBzmTZKte4i1ou04eBWY=",
        "#=qAkkjpY6IHZssIsQ9hAxzTw==",
        "Invoke",
        "-T&s,",
        "#=qGHv1IOurZ6januU0XCThS7E6H0kqAtBD9d30RkoHFXM=",
        "~:}ew`",
        "#=qOsVShdMttD8jGLf8zW9G7g==",
        "#=qEWXagqzV$_PB$92aNfTAHdvK2qw2uvSxy$UVh0K_lso=",
        "ClientSettings",
        "#=qrzlCozsOJIqLxGzoulKftCL7kUWSuMYFdc1ca_yCcBA=",
        "#=qGjStw3GYbvUue5kapeAzmPJAl5$UDUb723PSvMiCGdU=",
        "#=qtLsfqPVQ47D3cdxmiwAJAQ==",
        "#=qnnmAgQGEsJw4dsVn9gN4wJbRL4WqsDa_V0QuBPM2E4A=",
        "get_Chars",
        "Variables",
        "Ns\\8OX",
        "#=qQoUfP$jAQrKMjDuqm54QmA==",
        "#=qnaTZqk95Z1a8JBLdKiF8aw==",
        "#=qwyLCYYp4MoTtTA6T$fEOIg==",
        "GetEnumerator",
        "d)PG ",
        "AllocConsole",
        "Dispose__Instance__",
        "#=q5j3wvJXlnrGmRnKUHr_1SQ==",
        "#=qyow7wBpiCNNIoap9jI9L3Q==",
        "#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L",
        "EnableVisualStyles",
        "fefeffefeef",
        "CreatePipe",
        "get_CurrentDomain",
        "#=qo5Pv9nXCIU9X_B8SJDUR_qgp7npNK2pA1rGP0GNQ51o=",
        "#=qQJBwIjtEvP$UD5Stcfj2wASGBDPz6YiX1yXx_MSfzPs=",
        "Empty",
        "#=qTZGarPS37Dw3Z3Ipg_AFug==",
        "#=qNdKVs_XU_xYgnUK9ZfVshw==",
        "#=quXVzKqGldmgtXgVm61aLog==",
        "#=qAR9aFFQPEovpFzvfokoGkw==",
        "#=q61s8d6EIAdSsDLLjqchw1w==",
        "ffefeeffefea(",
        "#=q6CxZjTl3_v2RHWKegcqMWw==",
        "#=qek1Oy3FoZ8ULt6r5iL2pEQ==",
        "kernel32.dll",
        "#=qvA35ZDPTM3VgF89oJb9AmWFE4pqnIDYGjeV5H4uvblU=",
        "bIC)<",
        "#=qxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecU=",
        "#=qJRbhy7_BbunS1O6hH3MqZIufpnZboV6cb5Cv4qZI1D0=",
        "MaxValue",
        "&&*}o",
        "get_MachineName",
        "#=qp4XZ9Ss3K04S36I$7WhtwQ==",
        "V._H8",
        "#=qMpgSfrZ_Z1PFlMpqVHDctw==",
        "ubzrn*",
        "a!5aE",
        "X*]x.",
        "NanoCore Client.exe",
        "#=qKKh2V4W51UBGXR09J__pug==",
        "#=qmL2H5Qgs6vv79mCqS$t3qg==",
        "#=qG8K0lOrmHWfP2KExoNv$5w==",
        "]I]XLh$*A",
        "3,bDD",
        "#=qUDQctXsgw3eGxqcYAxP8MQ==",
        "#=qWFUoT0l6elO8yn$hIYUL6Q==",
        "#=qhPT6K66KztLE5cE8YZMEsw==",
        "RawSecurityDescriptor",
        "#=qhz4yMg0WDLwu3BJp4fYr0w==",
        "lSgV'",
        "#=qgBCfMYp3J4fCYU13EId5uw==",
        "BinaryWriter",
        "go,NAw",
        "|I5v}",
        "set_BlockSize",
        "#=qg$lb3t6abG6vgSpzSjJlb_$AIzqYfos5cl9DWFolUwM=",
        "#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=",
        "#=q_gCP8hm5SSW7J$3R7xJuSA==",
        "z#cuch6ZI",
        "#=qQKYqF9uhb3QdjdrkvuxjUw==",
        "LeaveDebugMode",
        "#=qXKuFJhTO9qh0nlK1iXbbSH7y8Djn0mggfIDxOoarDyE=",
        "ComputeHash",
        "ConnectAsync",
        "#=qB7XWHK8gygwSs$Fj70FiWw==",
        "#=qJ598Vnr_RIwGnHqFfQsYCw==",
        "set_CurrentDirectory",
        "fSgHd",
        "#=qHj$POo$6pkhWHVC5cES_2g==",
        "#=qAsEDmMyJR5b6o5oAn_4$qhqe51JCfsU9Gffe156c8UU=",
        "#=qukf_DyAYprvhLsdhT4CGuA==",
        "#=qoTZi9XCxEGJXLELWnV3yfQ==",
        "#=qDEcM8KorEdChS9luywSNQA==",
        "IClientNameObjectCollection",
        "get_StartupPath",
        "MessageBoxDefaultButton",
        "oL)c3",
        "#=qkFwCVmJ2HhZ6r$uKeVZFFfVLdddj$WEInl9bSgbErDM=",
        "#=qEk42FAaXkrNIu2TP76IakA==",
        ".# G'",
        ".ctor",
        "#=q5MtzoDWNtlkksfPTHs5qXlK2k7ZehKenYzDJQrgdOII=",
        "#=qdPDxrK7XRQZlwY8QeW6oe0AEoOr3qND_WVi1o6l48tc=",
        "#=qvRKdouixzy3mopZ1VtjZRIxbtiSW2GAGLD$37iVLn9U=",
        "#=qJLXxSZzWSVDQjBBC8RxpqVbwxFaxTu3ygaLrjLvlmTw=",
        "LogClientException",
        "#=qJAZ7is41tIXMNDQIkGLgjRC15Eis_QBrdFx8JT2Rx54=",
        "#=qqCUKpKbVq45Cc9OUN5wTXw==",
        "AsyncCallback",
        "#=q8GRQigucU81Rfg9VpK7PVLcjulhhYVPijYKMm9N3PJs=",
        "C4rwC",
        "r[D}E",
        "<Module>",
        "#=qXz2OER2RItZOjngvYurWLQ==",
        "#=qXCUD4SfDr7DmFI64sweGXTg5Ns_ZxTOZPqBRcEKWTQk=",
        "#=qhVWucYSqOmMmp4RgG95tFA==",
        "Si+ze",
        "4.'[G",
        "ClientInvokeDelegate",
        "#=qlMIFeU84lweg5Ul5iSg2vZUvNnPKw11XA1pEUQfzDeg=",
        "#=q3d9CqFPpPy$rBhZvyFIRs_ElAFMHTo4ZZuE_g$Nfrnk=",
        "IClientNetwork",
        "#=q0myQQ6i89t9SZyjYDXZrBLa9ljWEUD7zAwJyyFZowQc=",
        "#=qKY90T141DaVDQT0DHaMEr8C6aPEoolamkqMM94Ir$TE=",
        "#=qM_mpCWjOCBlruGH_QcTQHocD7LUJCLuKe8ntf2VtQlk=",
        "IsNullOrEmpty",
        "#=qD3hoTFeBJT$SvX_fQh_aIw==",
        "#=qs202XG_JxpBwpKhptOZhRA==",
        "]FG;K3k",
        "#=qJMNT6BwQKSi707UHw9_x7oci6egKjto_AgHYlITH34c=",
        "#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8",
        "GetConstructors",
        "#=qVl3h61LTPSW_ew_st_OlTAm7x_6Xu4hQK$pi2fSiEIs=",
        "#=qSpdFO0arrQmbwA1JpPKL4TCAmwZYVDNVmpRQ6ryTPgs=",
        "Contains",
        "ThreadStaticAttribute",
        "#=qEhveuZChxbRj66Cj2kCGjw==",
        "#=qIe49uN8SyHwjwKdv9N2r$A==",
        "get_Assembly",
        ".*%6M",
        "GetHashCode",
        "#=qA4f0kKyGXTRnU4z03oji_RIPyVnvoC_BRjpESDLHXqY=",
        "#=qL_Q_RdUm_wJ7VeVwUqRXbA==",
        "DESCryptoServiceProvider",
        "#=q5WjY_m3ubVFfbJuyu7GMxA==",
        "#=qrJaovDbn6146mBrhFbUMbw==",
        "MemoryStream",
        "#=qhA4OqIvVSMpJakxtoytoCw==",
        "!U7aX",
        "#=qTYemjRfvVDuBO5lrz3Aq6g==",
        "#=q35mMBfMcRRKrjeZsPOCz3A==",
        "SecurityIdentifier",
        "#=q65znFg0_234nfnhL4I8yRSIMDpdjAosbzeDfyRZVW08=",
        "#=q_5hmJXim2EG1abw3Kju8nMffXDIbl5na4zXqclsRK_s=",
        "#=qAzhW8LcEnUCELlhG4klMCnw00GcHco1N61RthSA9zQU=",
        "#=qjcSlrUNMLgvZWN$58FXdrl22$0OjCpoqksNsslRtIFE=",
        "set_Visible",
        "-SK1$",
        "#=qmLTtz8OEDrkzFTzYkI_Dg1dvKwiGw9blNcZSU_QqMsg=",
        "#=qi3LnKomYQ5KrkAbxbJpKCg==",
        "#=qjAD5jc_8Kg9x$NoAqFAvpA==",
        "Application",
        "RemoveValue",
        "#=qNn8WS2rooUJUoMsG84mQ7PkK4IQF8$E42cyDjfL7Kqc=",
        "X8.2@$3",
        "IsInRole",
        "-,& ~(",
        "MF{B.\\,",
        "s%dEUK",
        "_}<>b(",
        "#=q6TsObh1LqPbvVPPz_YjbtgEdyXL$082jRqG42$db3nw=",
        "#=qq2h0VNJ4eWuHP5LphH0mpA==",
        "#=qGWcF1$SkVAOkK9Bjc82XDg==",
        "!V,(q",
        "GetManifestResourceStream",
        "c[Zpv",
        "set_UseShellExecute",
        "get_X",
        "ffeeffefehah",
        "FdlvK",
        "OlfJ@",
        "CompressionMode",
        "#=qkzr_P52_BAWJXliKWvb8Z6oiWEishcUAemTNzwiiwkk=",
        "@DFe]g",
        "#=qhYMTmNdkO7UsEcfduWinsQ==",
        "get_Value",
        "add_AssemblyResolve",
        "#=qee1h2XwRBJvy2g__X40enQ==",
        "#=qFNeaOBvMHuebCbgh$0IKkw==",
        "#=q$jOt_Qd3idEY2i2z8zIong==",
        "#=qoStPOR6UymX3IGbwW$iFxA==",
        "#=qkxH2pC1tIcRyW8E4TCtfHw==",
        "#=qecBuZmXKFD$jZa5T0d0L1w==",
        "#=qwrVB2mw7gzmYRanSJvSoPg==",
        "SymmetricAlgorithm",
        "(~3c82",
        ".cctor",
        "#=qGGQk9IvbDfVOJG_jRDHqOA==",
        "'UD_'j",
        "GetParameters",
        "OKoB<",
        "#=qhSKaq9YW4A_ja0UC7Difmw==",
        "*%x(#",
        "#=qr1BSJWWt4_gjKhDM1XdrUmEEDWmH$7z1xaJvthJ97EQ=",
        "#=q0yJsLo0aFpSu9ky8R9f$lw==",
        "#=qbbzTfwYbEfmovMRrVY462ipA8X_tt3oO3M_wSSE0I_A=",
        "OpenRead",
        "EventHandler`1",
        "CommonAcl",
        "System.Collections",
        "#=qW1UvUJT2hH$HRJ6kt_DhXQ==",
        "xFPb*",
        "#=q3VDCpnvucWhkt3J6zytXBA==",
        "#=qo8wG17V6QHcxsU4R0xmY_Q==",
        "#=qjVLlQtRAzKVOtyLrw5PhiGVVmXqMJJOsTT5DxaenWCY=",
        "#=q6FX$JRP_bY_ZCQbx1UwWug==",
        "#=q7_KHECinDx5vq1IBX7p8Ow==",
        "#=qK5Mf9uxDCjwDRfyJQ6kp8A==",
        "#=qx4AWw22LafncEy7CESjbGQ==",
        "c`RGU0",
        "#=q1Ld$ycQpy0q1QvYRFk1k5lwgysKVR2tJyNFjakVtbYY=",
        "#=qVVQJ$z9bl7kHgfvJohZnMPofzhiFJ4f4yMGK7Tpp6xg=",
        "_XvmS",
        "#=qFWLbBQgFiIpy22HFbhF9GQ==",
        "#=qmvGJ0E7$XHigSQAtHtZ6z$on2iAwFLBiFtrUR$DFhQPAtVI2LIgzNztIgPvlO9K$",
        "#=ql4R4vy5H067cy2C3KkF7Mg==",
        "DefaultMemberAttribute",
        "#=qGgXamaT7IeK3DM0oRfGI7LZg7FrEWNz8CI_5MUlFEJw=",
        "#=qo_N0HkUaMUQFRCOsgr2ciQEl_IzgJy64oQzCRnN$Qy4=",
        "v_E7o",
        "/.ffefefeeffe ",
        "#=qFBEI0HItLMNpyOY0AgRxSg==",
        "KeepAlive",
        "bZ-zT",
        "#=q$E54nUJeqC5jURP4oCRU9g==",
        "#=qMMkhBs_8vtf4989qCM6TUw==",
        "4'aDHS{D<",
        "#=qUzL7S_0eXIkbwTon4AS_WA==",
        "1j@@C",
        "U&3d>{",
        "\")cs`",
        "Restart",
        "&Hj<q",
        "#=q9VIijSO53lpTS2jV37$Suw==",
        "IAsyncResult",
        "#=qxHMqkcY5ri8Rsxs7KCJ8ww==",
        "#=qv1Nmoo$HMwdd1A0cX75UdA==",
        "note!",
        "TextWriter",
        "2H^}~I*-;",
        "#=q4rZJEBSRFNm6PYOH7NOLUg==",
        "#=qZbWC$V5YeersjeRitYkSUw==",
        "GetDetails",
        "#=q1t2S$ib6pQFvBWAJfG9B1Q==",
        "set_WorkingDirectory",
        "GuidAttribute",
        "#=qrEy8UTPh_zjKUNPlgJ2H5vQaVxSgPloAxSMCkFttuk8=",
        "AssemblyTrademarkAttribute",
        "#=qUlcwHJCewxIUk2tiKMDjXYc$Hb1k7TCZCyGdm6C93UA=",
        "#=qy2xCoaL3Dm6E0MYt7i8x7A==",
        "W\\q_b",
        "DateTime",
        "#=qh9KSqT0kHBFSDanZ7gXkKb1vdDfzZS3JIRcUnMfcljE=",
        "|\"{t8",
        "#=q5uvtKo7rLfT5wGY5TBS4ixmbpGEL_B71rwbORlBpBKA=",
        "{1RMi",
        "#=qqn0Pbku3c3j14idd7rNOJmIbi4WueHDQGNjxpToWe9w=",
        "#=qfGQBFs$OKLefNYKSta_Lbw==",
        "#=qYQagvH1k4NeWsCidwFRb$sQTZXPGouROQfmoImiPGDo=",
        "get_Version",
        "#=qCI9CHxEGVm3HnYdn52IpdQ==",
        "TLDP@",
        "GetDirectoryName",
        "Thread",
        "#=qruARjy_8oZkz3lsHPGxBMA==",
        "#=q_ux9H7Sh7a2A98b6QB8m4w==",
        "GetAddressBytes",
        "Directory",
        "U-hW*",
        "#=qgbI51haY38WJ4NumXDqnLC_uKv$aRHAyD63c9HgGYzlsFjikAASqT8RCSswEMouz",
        "IClientData",
        "#=qrcOHnfaYxPMN2$QaNhNmcA==",
        "#=q6zjWArzQ8Jv_1waqxSeP8A==",
        "#=qWFEttW6Y2i$LC7_zLCNdFCiHtPH1yR98w7TbmrS4vUE=",
        "#=qP05CRmbt2pJg10eRU50wu1vx$mfteEn$pCn9SEbehP8=",
        "SendAsync",
        "#=qaSWqhswYp72H_CatHelXxw==",
        "HideModuleNameAttribute",
        "#=qrXs2l$bWJlHMZLHncLNYyw==",
        "#=qeAiPMWOD6_wvQ4$bYsFv9GLgsem$trQFsnkw3WN9igk=",
        "JUz|G",
        "GenericAce",
        "#=qs77tphQ2NXlLwCZkimhHsowpXGqSYmOGtKiGHHIs4aA=",
        "CommonAce",
        "_$cN4pZ",
        "#=q8FSwXWaEOgeGW7OlBosSfg==",
        "FormClosingEventArgs",
        "-\\&(#",
        "Yvc),",
        "#=qY9NY2gigPsj8X4CYx0UCT2vGlqkgsq6GuC2fWqP3Voc=",
        "Q!Y+M",
        "#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=",
        "set_AutoFlush",
        "Exception",
        "InvalidOperationException",
        "x&bLGY",
        "05MB0",
        "#=q9DR9MBj4z9rQMPU2Q48EqjtFhU8AMGWHK02_s7IakJ8=",
        "get_UserName",
        "#=qJ8bMKCzzllPDbJIfPSoGMA==",
        "7&NM\\",
        "#=q$fGRvwQxjFKeY$SH10p0pyPTU$R77VMKr3CcLFQeQ2Y=",
        "GetBytes",
        "#=qGzqsy60d_qAVRip0TvyGow==",
        "NanoCore Client",
        "#=q95w9MpaG4ZcgkGgnmQITOdHr5IaLXD8aC6o3EqtE0PQ=",
        "eN)9qy",
        "ToUInt32",
        "BitConverter",
        "set_Position",
        "S4ub.o'",
        "#=qAk5SEnvr6iWKzWTaOapTEA_BFwuNkz68xuZLTnuQOh4=",
        "#=qREZQml1AE$F8eb3teEaUmQ==",
        "GetFolderPath",
        "GetTypeFromHandle",
        "#=qOR7qPTYp9qHTyadzUKgUYg==",
        "#=qxH0vEx09STdEljqb$W1E7jvc94T2TeZBAEeRdiG1_PA=",
        "EventArgs",
        "#=qamR76KZ1klLpv5s7oSbjxA==",
        "W5LWz",
        "#=qJBJs_Q6YmbNTnGoWFx0s8w==",
        "get_Current",
        "#=qtxap8xCUFH7z14nNy3cjjw==",
        "FileMode",
        "#=qlzCbqLxFuzycCPDZStFfAA==",
        "{J82]",
        "#=qd5f1i4cDO3tAO_bEb7g1cw==",
        "#=qfHad4tglpNfnMqZ6nFkPPA==",
        "#=qZRkZQGrnZUWoFBVE_TP$5Q==",
        "#=qS8q1FyJsn2_ukKh5ONBATg==",
        "#=qA$TQXn2i$KwpdqxTX6vvVw==",
        "#=qEIGjjvppBA3BShbdBfMkQQ==",
        "%InJca",
        "#=qOKSmYE47P2z$UXqGETlnfg==",
        "#=qbMe5UnnXEF8aurHaZz6klA==",
        "#=qDH4GuNn5iW6RFhEPrfs$pQ==",
        "#=qJdNCQZ8JQCfthL12ut8Zgnr9$rl3CuJQ4GAn54E6CXs=",
        "#=qAsxHG9v$MAI6$NruMbxEjA==",
        "#=qk$cpdn6seqbcKjxGnztc4w==",
        "($(6h",
        "set_RemoteEndPoint",
        "#=q5hEV9yBEvglIR94FFM9OBszK4aiazrmJrQshba2kpDY=",
        "XKic8",
        ";_Zf[",
        "#=qcCYGLZOh9EpzU$sjJG8ZyQ==",
        "#=q79YE7jk$t8I7uIUVykHcVA==",
        "#=qF7qP$SJNVn6Q0z6ARFaJgM2aiYbkFhrfYn4Rl6Odj3I=",
        "lWKhz2",
        "#=qQtwc_i6uv63Hs$aOrPLxrMU9lMXbhRW79NANZrRxozw=",
        "TransformFinalBlock",
        "#=qDt_4RPbN$YmUyKsVRrbzrjU6uaXWwjHkaZoJAcuFCCs=",
        "#=qP42Tluk0y5t5VrN_nwVhnaX9baaRq2NaLaW6RMHNX_k=",
        "/QX}e",
        "#=qrSKFiRrFo6$kUL7kjfG3zg==",
        "CompareString",
        "ubd_A|^",
        "#=qdwmMObmoGgv5eEpelZDrHiipw5mUgryufdcXXig375Q=",
        "get_UtcNow",
        "#=qmiBgFZvSMQ4WgT0UQIJlEGkYZhWP0gsBGd1anIAH4so=",
        "#=qKKJCW_KTAsIH3uNlP3Z4Tg==",
        "Equals",
        "#=qDwymJFr9Z$8uhJ6g7so5xw==",
        "#=qWrm21vQ8CBMZP_RBTwpusA==",
        "#=qABNlGFDc7nOg_C39swAcLA==",
        "#=qTMXjZFh8G1ehMXQzo1c_k7izR$ZNvDyCJY5aoZ0yOe8=",
        "#=qwHAjqAoc2lT8vaebbsWerg==",
        "#=qyI9vgsKRXHDyyks4VCAjzA==",
        "#=qLLh1749MqIyRucx6BFMp7Q==",
        "G3feffefefe",
        "h]rYT\\",
        "suq)-\"",
        ">Na.q~",
        "#=qObBSq08BLhHK8B6pYQSLOw==",
        "#=q3p_D2U81K1hW2D54P32yDw==",
        "_Lambda$__8",
        "#=q62cZqzG2QOltpyG5v7exPQ==",
        "[SZB+T*",
        "B.u91E",
        "#=qiNB6YyqAJbx2uPAiP1Ihw9dTNEtwaZElmpYLZcGO64Q=",
        "#=qtcl57G6kPr7DDYeWeY389w==",
        "#=qQ7tSKwAULKz8TSFsLbtapA==",
        "Xj08'",
        "#=qOmCJCQ4xVqqqlvNEZD66Wg==",
        "#=qTawRDksY2KFvY5V2vw1_pA==",
        "`uc0^],\"",
        "get_RemoteEndPoint",
        "2jx>7",
        "#=qiJXCsKWBF9DB88uzW4b92A==",
        "#=qo8RCFr_ecPE9NSA5cyD6QQ==",
        "#=qQUdl15sQ0xTV$45YaAtVB9Bx2NeRc0CC_5Lr_HuNXwU=",
        "System.Security.Cryptography",
        "#=qw42CdKVHw2dycv8VU7DItg==",
        "dyt-W",
        "TGpuY",
        "GetValue",
        "Enqueue",
        "#=qeADSRAqxC2FlJbA5Uc5$2A==",
        "#=qVqTMYHwCmwUHM6kkpNkbGw==",
        "YV= J",
        "#=qwGYG3$xqr6oMjxRyF4i0Uw==",
        "get_Count",
        "rm-^|",
        "#=qRtpaHvp1hQcEDS$UubP_mA==",
        "#=q1r$Sd9Acbw6KsKv_F9uYTPvvGAfiEwUnai9OGYAUQBg=",
        "#VO'S",
        "43s@a",
        "#=qL2Az2fdQv6DkEBC_x$bbMA==",
        "ProjectData",
        "#=qWszclzYrfU2ikD2Jo7BLiQ==",
        "-[L=k",
        "#=qcfHq18AlWjOy12tBCM8Tbw==",
        "ValueType",
        "#=qaysgaPdcuRrUvev6__tYEA==",
        "EnterDebugMode",
        "ResolveEventArgs",
        "#=qokX_wSaMFvPLXvDQY377gw==",
        "Delegate",
        "V`6Xa",
        "Interlocked",
        "#=qs1aB65G6$bPi1$cdOrXkCA==",
        "#=qFWCMyHOrl7QbIPkMYdiWJg==",
        "#=qM4zv780c6Jc3GVu15xhaulIEjuiWD$RKEtosugOXKLA=",
        "{p@==",
        "MKV)/>",
        "#=qnDLRD4lBlfyGeJyuSeq2WA==",
        "-/&~J",
        "#=qd92UVUgmlXoQZdJDkVvBpfqQ5IrxjaeWORyWFC422PQ=",
        "NanoCore.ClientPlugin",
        "#=qYCS3QLrXk$FWhHR$BIzDXQ==",
        "#=qJOtLSdKNdNGjNNoElacScY2TTWmLUvN6XZsl_FLfP4o=",
        "get_SocketError",
        "#=qOgNXWEIS3IQJCnff_sTmrA==",
        "v9?*<",
        "#=qHdV5wMNiXS49lDrqJF3pqA==",
        "WrapNonExceptionThrows",
        "GetType",
        "set_Key",
        "#=q3C4Iol1nMl5AFLWNdE6nxB2_kG0uXzx35vvsn$gQzt8=",
        "#=qdiuHngY4wejUsgFY5u7CtQ==",
        "SocketAsyncOperation",
        "gw~L\\",
        "fefefeffeefa",
        "#=qDTvHA26pSwiGBDknUzewBVNt3YGW7YeSiQRH8F$_CMA=",
        "feffefefe_-",
        "Version",
        "#=qpSjmalSIZ6iBUAWRLBOkQ5sPqtZAetb$LjkOVwAdUac=",
        "#=qD_C1_4vUU8j6eQSUvsJDw_O6DZliNi$NDCaON05RwdmBpVqAu68W00hmx80mCKp6",
        "KeyValuePair`2",
        "#=qbzig1$2CwLluEJt5uPtpgqPx5y_2S$GoPgJP36N8bTE=",
        "#=q3eIsVMg85$T5I_yeach_tN$TJG7$vFUaeExZx7tMHps=",
        "#=qxLboOdsVFLmyLD939$tUsnUMYRMeFnzOLiWxQdY7sdc=",
        "#=qSl7F7iXGTH9iNXHds05fxcgA7Cydd52A6vZtHH_41F4=",
        "#=qCy_StxaanQioOSGQ9LimCF9_Wy9AMBNKclrIIUI0AWs=",
        "#=qUomzGDQTZY7jASgBmW35Fw==",
        "#=q7Kx5VWqZvUxLZ2L5c7WH8A==",
        "ntdll.dll",
        "Wq(`eA]",
        "feffeeffeef",
        "#=qc46h_4WA5z0UkWODs1nwXg==",
        "#=qB8Wn1MJrSNWupWDx0sYcAQ==",
        "Mutex",
        "#=qHtBOSXbLfhirIdzL218uOQ==",
        "ClientPlugin",
        "#=qeXI2ChPq1TaKaY8cTwWe4uWAyXSGUqAWxM21uH$6gYc=",
        "9feffeeffefe",
        "ReadSByte",
        "}Fu\"$b",
        "#=qo734_kbse$6lTIlwlz6A8A==",
        "#=qhnLoeDP_EbzJexQQPp_LLA==",
        "3[@N:",
        "#=qnDc3CmkCB1QeN2dXbmqV1Q==",
        "'5$&;",
        "DebuggerHiddenAttribute",
        "#=qfoMVJHfk0BnMs4x6mHO77Q==",
        "#mvl9",
        "afeffeefef",
        "p20S:[!",
        "#=qWsrg06gTzsE5hhHu57fJFw==",
        "#=q$6Q_u19FhL$wNOun9AB$CQ==",
        "#=qW1Ty88cS3yMuRwgBrH3qpw==",
        "#=qGPdnFVTlqnS4tiFpuQulXa$2eC7Pe6YqVeImkUGsMl0=",
        "#=qXOmEbR_8DUzPz6sW4Kmd6kaKUIQOYZdTpvq2CkB17PTlG1zEUgI_P4skJXU2VwtO",
        "!7k&Y",
        "ArgumentOutOfRangeException",
        "#=q6uKQziMZIL8_PaX2KpbPTA==",
        "/l\\g06",
        "#=qvz1sVA0ePAgs1nzIHQTFVtjljpeJ1QO1S19vLxn8DMU=",
        "GetName",
        "ThreadPool",
        "#=qOYQA1S8VHR$mOO6XXuyF9Q==",
        "Control",
        "#=qsB4PatedVyMOyo9s5n1OTA==",
        "#=qi_z83UuaQZa6UsXCAahbTQ==",
        "#=qQqZpewiWxGMAW$tQ9Rz23Q==",
        "c1 [1",
        "My.MyProject.Forms",
        "Vy`?:o",
        "0J8>')",
        "#=qZvjD49iuetyLKBIiF$ZmjA==",
        "EventHandler",
        "StringBuilder",
        "get_FullName",
        "&&*}c",
        "#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA",
        "#=qw1t7iX7Q4P$CBQxdhg13BQ==",
        "#=qrQRxQdT4MC1qfwOd4n14uA==",
        "#=qa3EpMqO3KVCTrDUnetWt6fRbeWox1uN3vfSP5v_W_wc=",
        "#=quebj1wBCmruzAKmg6Y4Igg==",
        "#=qhme1CFqs_evb4VXik7N4x7lNdqSfuNy3r3OUWZ1V4Zk=",
        "#=qKpwDTqgBVuprqflj1$7QZw==",
        "#=q2Xp4jW9C8Ta21HxmpVVhKkrHyOAsktLziyvL$pPr$5o=",
        "#=qCaHpjtavBmCU_o5x0kJsKA==",
        "#=qxG1wJpkOHyc4AD8gtAdxAA==",
        "-<&~C",
        "#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=",
        "#=qui$hq6ka6v3VYA7sCjpJmcmNECKESf33DUzrmeSOmg8_E_GsgWi7VMMVWUGuO5wH",
        "SearchOption",
        "ClosePipe",
        "+`(Gb",
        "#=qb0tmyILenEyH_R9DXJFwB5rGNfkKkR0Y5sGtBRsV3YE=",
        "IClientNetworkHost",
        "#=q9Dmi1iXzL1JAj2RiS$Q5mw==",
        "krmWR",
        ",$&s:",
        "Microsoft.Win32",
        "#=qqRc2eOIidDtWq4y7W2lAhSyv$pBRJdAsYlXSRUcwizw=",
        "#=qvbTNBihG2zARsewkRIFTSQ==",
        "#=qWLKNBubktRcyu8vI4dIAJNOqajvyL7NccmUEC4QD9y8=",
        "#=qHiBdWLOLLVg67b8lN8FRqgmYNWZfcDieu2MH9_zIY6Q=",
        "#=qOsu3u3mLIa8ikCCuCoOv_w==",
        "#=qs0qPjhSgxy3k5gj_gt12EQ==",
        "Component",
        "#=qcrlhteALkcfYnKFH$UWw$HzZqj8gdN8_KwUKIC_ywUo=",
        "#=qXuSOL4ETByiwdARI_Ds0Cg==",
        "ReadAllText",
        "#=qUVvjDZc2eypEDWG9cFZdTg==",
        "#=qP6OAxyfxw$Mj0oVKCDnh2VZfwY2Ap_uDBmUyxkn98Eo=",
        "#=qsOMWyP3LvE9$utIXVnRnmQ==",
        "FileAccess",
        "GetCallingAssembly",
        "%vz4x",
        "#=qIOX_rwHrS_RLFL2igzRsUQ==",
        "4FS;,MM",
        "#=qKXWwuvxG9klNObPbc$UF0LIw0aZIk7Z0VPIncl8uFJQ=",
        "D|3[5",
        "#=qhv_9OQaSyr5PWElvgkBxFw==",
        ".a;*x",
        "get_Variables",
        "#=q_UogavoS8ANyZp2cF0B9t7qG1b3QUqGTYeTlmQIKxqY=",
        "G&Eg\\",
        "!].p]",
        "#=qU_UZ3uhfwWgI9uBw5HT3xA==",
        "#=qbFnmVfulgLVjclcqmmhqFw==",
        "#=qccx4d_xNMPrZUHpmyYb7fIKkXAFa5XEyOIxXg$XLtBw=",
        "#=q9WHClFSp7T8oS_DNFEbAHQ==",
        "GeneratedCodeAttribute",
        "#=qIKJSaaKraxRzi3AD57FKg9MQkSdmOqUcHNxKjSZFGkg=",
        "#=qixBu4j6Hm11f3$mLrzkCcE4AVWtWeNn5nQguwdGbWGg=",
        "SffeeffefeYa*&+",
        "get_ExitCode",
        "mBS|c",
        "set_WindowStyle",
        "#=qRkk_hj7p4gbUu59IVllqeQ==",
        "op_Subtraction",
        "#=qy1cXcK8A6uRpLlCz7UKkNw==",
        "#=q_kGyEn8KrmBmt5M1N9cUSg==",
        "#=qSJAMGBE37IZjr90jS4_MYNWNa1$s8PXhOErbnAhK_ZI=",
        "1.2.2.0",
        "#=q$7KUBFuOZT85iBmKYeGgXQ==",
        "2N`i!",
        "#=qFU5Nq8bBPIPoBGBl$k8ehEhmgSoFzsflrFNnOQsCK6E=",
        "WdSH6",
        "ToLongDateString",
        "#=qpNR_LpdLu_eSOZVgxbr8UFRlKjbiBX7LOuGAbGS07mXUJI3AAilu14uPN_kfaTpW",
        "#=q1vWrLhskrN4OoWzxKuDDSQ==",
        "Increment",
        "QueueUserWorkItem",
        "#=qyo6slTMfgD8IrZ7nr6inHA==",
        "#=qz5nGZygXT2sWR5FWGAcAzA==",
        "i,Id`",
        "-4&{c",
        "CloseHandle",
        "Qo)hSX",
        "mb]OE)u",
        "get_DiscretionaryAcl",
        "#=qyMcWoZuG7jRWeztMnp6fPmxxmqfVgP7DLzGs7HeF4Mo=",
        "#=qDJ0VTVPWfAWYghKX_DdnsQ==",
        "@4;oOB",
        "#=qSh9$w8INPkos7acCjV2yFw==",
        "#=q99eEsMLSp2$EVfl66Ua2d1YMqB58RPj30lLgJzJJ64o=",
        "System.Diagnostics",
        "|.euR",
        "#=q8xbuK7pqyq7mWB67vviBtOo1WSCccuR7xEQnGnyxMyQ=",
        ")}8.m",
        "#=qtS81hD$ORACBvdEkFyqaXA==",
        "c_Nd<",
        "#=qxG$Aklpbf6gyBfAqTMmORA==",
        "#=qqj4vWwKBJgvjF_JTc8V9cQ==",
        "SetProjectError",
        "get_AddressFamily",
        "set_LingerState",
        "#=q02vg4rlYSKrSiDNi4xWbtg==",
        "@iOLO>??3",
        "#=q44BQlEuOnjFd0LbnzKKIIg==",
        " :hu'a",
        "CLSCompliantAttribute",
        "j#'B=C",
        "#=qy7SaTx6mT2Pix1CP6ET1Hw==",
        "b'Ohi",
        ",Q:i7",
        "#=qyU_gXk4hv73zg3zoSZSLhQ==",
        "ReadDecimal",
        "ffeeffefeXa*&+",
        "#=qpXMe_UDgWsOaRVi$02jxzg==",
        "#=qM9NIml9iDZh$Fjh9MocFWw==",
        "#=qVqLFp2u1the0Txg1vhieSw==",
        "NW@5q",
        "-&&s9",
        "#=qmzYu_D9f4dvUPauEaU7zvyNjCyGp_73Xn5SffrcfQAU=",
        "Encoding",
        "#=qZDHx38VzWszDP$NdqQpGo3ak_Z$zbLpODJse1_Sr2hk=",
        "Dequeue",
        "#=qi6IJz6lHhd8GI6qygHcvTxSTD2wk_BSYwC2NR2eR0yg=",
        "Ko*/B",
        "fAE`C",
        "#=qaPkEKJmdD7BgG18R0WsnHA==",
        "FYodp$",
        "#=qbYAYBaHwcEbf1CaxjAi1bw==",
        "#=qGjp0Vb6efONwANkcKrMTkIBxJvr9AleFfJriudyTw3c=",
        "#=qpghRvZG4ZfcsmvAYC$o8qN0WjB387Pn9cG$Y9HJ3uwU=",
        "ZLvpY",
        "]%vkmj",
        "BinaryReader",
        "#=qbmVTgf9cRSZkM_UgFSJrlQ==",
        "#=q3rtw1eBB$yyPLXzQW$mDOw==",
        "#=qD4n8L4W9wQXrF7w_31K9bjmy3jeB41mSJJrYkh6lpiE=",
        "GetCurrent",
        "#=qdObzsTSX0MpvDi$OPjsFh219oh6Iw7DshgNWGveAvBQ=",
        "ConsoleApplicationBase",
        "#=qRIR1iTmdtHs$eBwEdoKphw==",
        "#=qth3CIdKay4zIa5SBJzx7eA==",
        "#=qglhcKpwNlOshaHMfwiT0UA==",
        "PipeExists",
        "#=qFgBBonKcV6U3Je0BKZZdAZdyEla0MkDel5SRrEzLUvs=",
        "aBXL!C",
        "#=qwTOYF_qEkI0dXowKJYtI6A==",
        "#=qeE3S$kdx9R0s10U9GzzcFw==",
        "#=qNZVIIdU4QECigaum94nwLctVkDSuRt$X4_IjuFpWVuY=",
        "#=qRACckQ0ejzlKZgeXX_CPJUyKbl7Zu7QfhWW6eMM03VPusMYB8LREfJZQVcTGHBm_",
        "#=qIrsTmpVUMRgxokIHlpGfmLtKeqxo7vQsjSkKUKFpH4k=",
        "#=qt0$GxMKBUHqpa$X5z4IJNA==",
        "#=qEVnoj7wKonGmgnYpK7PNGg==",
        "#=qtz1ayBjdbHAw$ecbWtEnYJXs5RBd798kqoBvIJunFxc=",
        "#=q0M0RRypoNIjajWAugf6WjbxM$GiKS9VjK_mg6sI0TI8=",
        "ClientLoaderForm",
        "#=qqMkZyGiL$PHkYblZrq1S69029tlEdPXkxbM_smmrcRU=",
        "System.Runtime.InteropServices",
        "@pN_02Z",
        "#=qAlVTP0_ZXWJdoW5RI3VoXQ==",
        "#=q_$06eDx4N3eSJzkchUhbnjKtHnRsckM7I4ZqcwfQO8E=",
        "#=q_jQLaNdtSDa6ovA0VGw50w==",
        "#=qyNgKOA3iTYvKx8QtBmkDXA==",
        "U/<Np",
        "get_StackTrace",
        "#=q9lvTmS27dN6FAh4mbOnRsQ==",
        "6BAna",
        "TMpO|}-",
        "Computer",
        "AceQualifier",
        "QLgQ=",
        "#=qdupfYLPCEHNi$xwR52i0Lw==",
        "#=qhRDMBTieg0MID1DJ88eKUA==",
        "#=qj8dHXOkfX1HmIFktLFgFBNrpDhCGGJk0RPJopDOaBy0=",
        "c!};z",
        "DisableProtection",
        "#=qyGoc_ssbL9RdagmvuBld1Q==",
        "fefefeffe",
        "nT={iz",
        "#=qMoRe_p4fasg7BcMJcnicWw==",
        "#=qsx3W$FQbKM7QI$Z1TXWW5A==",
        "#=qO4hvdkAW0_yOcwEk_VD$lw==",
        "#=qaxeBDkuvv4PncQ$UM0p8ag==",
        "{4u-1u",
        "NanoCore.ClientPluginHost",
        "#=qy_aVo5ze7CCnCYXCQvhVBg==",
        "RegQueryValueEx",
        "#=qaRJX6K2L3xhR1w3zuwE79w==",
        "Enter",
        "TargetInvocationException",
        "#=qbNq0eOj9Pw66KrsrDd4qnA==",
        "#=qOTqiIHVN4TWDu4_xhgbifQ==",
        "-)&oN",
        "-7& E",
        "#=qZuX180bPJwK7MhIsqenk34Le3ZCQFFLgmBb4sMlYIpg=",
        "#=q1kCP32T3CbXwL6JS3UekkltOicB4KjO4W45iMQoNvNk=",
        "HOf{`",
        "#=qi1H2yZDbCxvPo0ia9nVnuw==",
        "mscoree.dll",
        "KNTzW",
        "AssemblyName",
        "#=qnOTCmwQWr6BtiNf9ta8BJg==",
        "#=qOWs9MBREWujnaIdYgAI1lg==",
        "DnsRecord",
        "#=qjryTBW16mUfo_ItH9KWoGQ==",
        "sUjT[",
        "#=qSoHRCAcaypsR55EueXBy1g==",
        "#=q0FQ_PiagXHm_B8aG8Ji9Dw==",
        "Compare",
        "#=qRHdMxv5xMrip5nI3eHU3Y52nJ9DhG_ImQVoJh$ooupk=",
        "FormClosingEventHandler",
        "Operators",
        ":UkKI",
        "ReadInt64",
        "#=qNsyg$dsR$GJkSvK2TftGTNPuC8S809j_UmmfNnXTTOo=",
        "psapi.dll",
        "b0+MtA",
        "#=q6odj$nz79NlWTFUK6$Vbrw==",
        "#=qzjreg8z0D4BPrx4RxUJBoQ==",
        "}*Skz#\\r",
        "BeginInvoke",
        "#=qj9swjNLNpEBN8mkOlVmrOw==",
        "|txmy",
        "#=qRpw30Lh0nfhDryqjhyjikg==",
        "#=q2l$b42bR_hlbzUjQTk6vFw==",
        "#=qWBzgr2CJEoV4DPIbUzdZZA==",
        "#=qWsAxoahmYzeECOO4WB9kTg==",
        "MessageBoxOptions",
        "h;?N^7",
        "#=qF4e058OW__NtTzhWOs1UXEJiHrTSwnIZ3q2u9UaLbo49AZaoog8nMfoDeA9BGVvy",
        "get_Connected",
        "System.Runtime.CompilerServices",
        "#=qDJ8UKTQIGM$_7XkvuUdssA==",
        "P1K.d",
        "#=qkbMW3ViV2G4xkJU4KS4XYUwKzC$oNmhjZ49L9c8BrOM=",
        "#=qCPeeDj1tZ3_XePWJJx7FTlBzWHbtSGvCe1Je6nRznW0=",
        "#=q8fYxP$_i6Xk0$6OlSwUHKcvhrevHxLXqXqvszBe9OtM=",
        "Exists",
        "#=q9c$dxNln4J1nxxC7UNVnfSKvSgKS421$zTS6z9ahlusddEno_MZclU7Qbfc$Fyw5",
        "#=qa6Qg4SaIgpIknX0EmOdEQg==",
        "#=qSLl9utb6ViD7fbZHSox8oSv7PZDBMO5b6MBr_gzzHF8=",
        "#=q7wyeNFqtiGUhQt6sicod9g==",
        "#=q4P1tyVDbmSIMgskx0BrPh5ZxjoQy0earrulDSsNhpg8=",
        "#=q4fCxMFfzJ9KgfK61DJRvZ5wDvDfYnqR8bhY6TGq9aRk=",
        "GetFileNameWithoutExtension",
        ".text",
        "#=qg61MaViIt3ErBjuA0N9Xrw==",
        "NanoCore",
        "PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX",
        "+# S&",
        "#=q2JCFpXLqGkqf10Rox8zrAg==",
        "#=q3_2_t217j7pS3JjemZNI07w3dukMmHXPSE5$LTnvGS8=",
        "#=qN$clRL1tbKGnARF7__FwJg==",
        "#=qoa807UEkAFejsz9ub3crU9Uahxxj5JIyAtKhnrEn$dU=",
        "IDisposable",
        "#=q6W8MK4LKkww2JvseikWqeA==",
        ".t}Dy",
        "xD1\\GA",
        "SetThreadExecutionState",
        "eHngd;I'",
        "#=qQCd2OoCcjOFxsuzhZKv2M7$UnAX8JX19NdffDxgtv3I=",
        "WriteLine",
        "#=qZnbTkU5kDU8O8$hMGiNZlQ==",
        "$#%#&#'&98:8;8<8=8>8?8@8A8B8C8",
        "#=q4kUEXPi93MnvgzV6ySNPRQ==",
        "a%sdRwu",
        "%5HEl+?",
        "#=qeAvM9D2ZXEFg7Zo1J5PeVA==",
        "Connected",
        "ThreadExceptionEventHandler",
        "#=qqsKAc3v0igxVSmn4Feg8q$1tNTWiqtCBpA_xMlgU$f8=",
        "#=qtkqHWk1kvmO5zt3tTCyF2Q==",
        "CurrentUser",
        "#=q3vPs064Rj1jBOLtFVqV4DA==",
        "#=qYfWGXuhZd0cmWjiCvW2EPw==",
        "_Lambda$__7",
        "Initialize",
        "B)b;q",
        "#=qTKJrybVS3pgV4uZ4KNtp3g==",
        "-,&~~",
        "#=qxybSLhWq6EDNDl0$FuPN8g==",
        "#=qGfiJ4oSCDzJJaNmf22anQw==",
        "#=q5esm6BVWqrzEai7Zgw0cmQ==",
        "{%PH7M",
        "advapi32.dll",
        "#=qKXbEtqEIo3E2xdYWIElxIQ==",
        "set_ShowInTaskbar",
        "z7zqT",
        "get_Exists",
        "DiscretionaryAcl",
        "&&*}n",
        "MD5CryptoServiceProvider",
        "#=qiO2giJomMFK1wa5$389nVw==",
        "System.Windows.Forms.Form",
        "TimeSpan",
        "B8h%X",
        "#=qe99VPFgyNENK$KtARK_iPuwvOEw_NRgC00PdG55dmGA=",
        "#GUID",
        "#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=",
        "beh~@",
        "^85<E",
        "#=qsY8nKQa1iMT2g$sVoLy8u9jrLGP9DMATpaFjFx3wjNU=",
        "#=qR0v_DeAkzbUr6_Md5tN4PQ==",
        "BuilderSettings",
        "IndexOf",
        "#=qovc0J7K6b9Eq_C0K46rbmg==",
        "#=qoT5qP9FYCI8F5V3gKO7eMg==",
        "c@9J`#",
        "#=qzzNUaijPluPyLfyxwDObxw==",
        "MessageBoxIcon",
        "aJCc<",
        "StandardModuleAttribute",
        "M8w<+",
        "Rfc2898DeriveBytes",
        "#=qgAKbtXqj_idozuy66wPGJA==",
        "ReadBoolean",
        "#=qlsj4Kl0M6SYgZMJLZ$QkSw==",
        "#=qFikK0kKzvE4fvbzxpsrllMMR8oLIJtNPAGP1lZZ4prs=",
        "#=qP_nucp5xdFjeAVWRfZ2XfmvYhkwWbeeu3y2fkxvS0yA=",
        "Enumerator",
        "_Lambda$__1",
        "#=qPjPHWXGbaA$51Cna2ZaMpQ==",
        "KJkhAEW*\\",
        "System.Net",
        "add_Shown",
        "#=qC6KOBEMWwIsQr_847d$S8A==",
        "#=q7YEFsRA19ZrxKTBeL$y0fg==",
        "#=qlFQRS6FW1ex39P1F_VW7Eg==",
        "#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=",
        "#=qXkgpfghvTKDZGlXBGI4x9veQO4JfjF7GW2ECw9$L3EvyKZGOnziwXE2Xr1EkpRwe",
        "Microsoft.VisualBasic.CompilerServices",
        "GetTypes",
        "PtrToStructure",
        "OpenSubKey",
        "l[WM%",
        "WMPZv",
        "#=qwVGSEK8LoRuNWEOYfq8$hq39mmxHzM3pIeoRef7XNt8=",
        "#=q_WoKv7McWxMc2YtmbiVaCw==",
        "dnsapi.dll",
        "#=qVIikDYmLtr_O$2vZcqLhHA==",
        "UnhandledException",
        "#=qonMVJIv_P7bZ29oJ_eSSxA==",
        "#=qChHxg92yH05lHO0u7UrDcPo$UK1nFXIjb2DI3pyR0FE=",
        "TransformBlock",
        "#=qRYSdRGBC6LM4UFJJGQnk7A==",
        "f11Yo",
        "v/,En\\",
        "C4vSd",
        "IPEndPoint",
        "RawAcl",
        "#=qNzt$mJakh1Nxv4vDRDjTsa1OVDKMAlRCO__qncxMoXRz8jNE7AWvE0B4WIqANR1p",
        "aC@5=",
        "#=qFlfDskRbjMOXZPvSw2W2UA==",
        "#=qK4wGebauvtmTKO0oAyLFzHLhr9rU3HNJmU_ur7Zop$YvLzV4HzmIQ45YslW_q1Vc",
        "#=qP3lBpu0cs5q3Lf$qXSL7q6szA7E5M9NqMzkAFV6l4CI=",
        "Close",
        "#=qh7diH14jww3Fm9rMJ_jIfQ==",
        "System.ComponentModel",
        "#=qGS6wNk5u54YEpqtjtMFIpQ==",
        "PADPADP",
        "#=qHtuZg55b91a614FmHMsOMQ==",
        "#=qp9IgcHwNxIVh4GZl4S2tcJtSz0NII67aXwFNDcdhP63JHe9MNg0kPsAos3IUd98k",
        "get_TotalMilliseconds",
        "get_LocalEndPoint",
        "#=qhbsl5nSqHjmKK5u9FniHoA==",
        "#=qM040QWzx1oySCgUyYWc9zA==",
        ";6$)S>",
        "<K}H0r",
        "#=qUvO$SDWQpHm3uJq25yzwvw==",
        "#=q0EPYqANhk$fGDlTztPFu2jRCdUruoFdUMwStI_GHseI=",
        "I16QY",
        "#=qnIGrpAn2e$qTqbA22$ONbQ==",
        "OX5-n",
        "#=qcyVktfYxc51I1XopnwGNjQ==",
        "#=qRCCuvWFd9_O8CfEZhkJtSA==",
        "#=q37jfceDpvm0BhKQMkpktNw==",
        "#=qd3Itd1ELDPHJxhLvt0y1NQ==",
        "#=q2Sd$5fx_doPt8h$UdBacAA==",
        "oFu$!",
        "#=qdsDfPo0zxdY$R7euM0a_vw==",
        "#=q0uUZuMiILVbPeB$t7lx1a0Is1IW4CfkB9ovgW99kERQ=",
        "JafPr",
        "`<hNE",
        "get_OSVersion",
        "#=qQrBlfreeUYUGyN3hPOorGA==",
        "N9Iknq",
        "!This program cannot be run in DOS mode.",
        "#=qChXzjuiVYrb8OlqJPajoUA==",
        "ProtocolType",
        "#=qnoPzE9XMA8S7X5JX6ycJ7w==",
        "#=qOicuy1VnndMMXIrDqqx3EA==",
        "#=qCeF2tfSXulrE0bbyPxU$1ik7Jf3avSO4FKBmKNH9QLg=",
        "y{jA ",
        "ToInt32",
        "#=qHJMw55fNEVIiKcc4ry0o7_L9hyz3vS4jgKl3KMX8xGg=",
        "_Lambda$__6",
        "RuntimeMethodHandle",
        "Buffer",
        "`5q}'pG",
        "RuntimeCompatibilityAttribute",
        "#=qPgHNba2TbLgSqrCvG0e5Uw==",
        "#=qcDfNIFv7M2KbeeK2ufHf3w==",
        "#=qxYJIjuXFTjRvt41we4akdH1WN2nLMpesVOXXsYuSrHM=",
        "#=qtDC6IoLr5pnMo1d9qdAc2TBOnWqOdlEZHf8Itbl8cJc=",
        "CompilationRelaxationsAttribute",
        "#=qXIsqrB8Mw2TMQ5$s7oRSIQ==",
        "#=qd7RJPnCy4YddvoQeTJhlwA==",
        "#=qquFMi5Wa$w8aN9GGlN4H1Q==",
        "#=qFZLDtLWdUONY4B_gU_jjJi4BgFANcRLPMuWuQINdRLc=",
        "#=qVcF51voQmyGAgyAUz3313w==",
        "#=q7$Vba9f7UkS7OwkHeUGtrn1ymWXBIMnyiJbrBxyOPBM=",
        "feffeefefa",
        "g=KP&",
        "CreateInstance",
        "#=qsUsGxFgC$BJaO_$VAtZ1Ug==",
        "\\^lE_",
        "#=qsLIORBvLMZm5c5Lb9Cm$GQ==",
        ",@Nrs8r",
        "#=qZhds7a6Pui$KE4m8ht8xuA==",
        ",g>m1<",
        "#=qsUdW_kbiEct8_uosknsYUQ==",
        "_Lambda$__9",
        "#=qb8Z0_4AS4r8OSPknVYvDfA==",
        "Monitor",
        "#=qxO41EOA8VDczxcMMPD9Hv85pbiPnTbukmYyDI5Z6X8A=",
        "#=qrYH2MBQ1J6Wu3hhoHHVW0JQwxTYC8hYBTLbQIYHNBds=",
        "#=qWkPc$uBFgJrhuimjKXkFcw==",
        "#=qs4p7qYamgHyRCYZsTKM03Q==",
        "#=qXyCbQ53pEXrdqhJ6oXoHqg==",
        "/.B!n",
        "#=qo$DZvhC1PKdsChUToY52NA==",
        "#=qGCYL9FviWCrv0prWZC8VfgL34V_6XyB$buFX2LkjbCg=",
        "#=q5$hUSQAZNmEXcUcvGVFJrlqtw6IWJBy6C7LN$kOmTWU=",
        "b`*&+",
        "`%,h}",
        "]H1e%",
        "_R@5h.",
        "UInt64",
        "#=qUZMwlqlTBPLi1iscPEnOdMZqp5jDsQ1UK2Kgux$Yn40=",
        "#=qxOFsoGbvlBlUujyS9g3fPQ==",
        "#=q5WXECfTJPQIQ2JoJDGsf9pTFKCPzQGp3$QlyT_g_ZCY=",
        "-2&~}",
        "Stream",
        "#=qNc0O1YGwS4NhcbB7sgpVgg==",
        "#=qlt$K8Ex4tZEPwTl4RuqGMw==",
        "ObjectFlowControl",
        "bN;k0",
        "DnsQuery_A",
        "#=quRXaU$OHlRs_89kacdiUMQ==",
        "#=qb_soGTESOxGbPyWr9RZjig==",
        "#=qqLNJOrQl$9SirTNF5ZKaLA==",
        "RuntimeTypeHandle",
        "#=qZb1TYPPMMY64aTN2MpcGOQ==",
        "DC[(H\\C",
        "#=q9x6KBL_arYpQC$zFf4pEFQ==",
        "IPAddress",
        "HashAlgorithm",
        "#=qBuMzaVqxpYkDVtTnLpbYyjTfZNKm8_4JkuoFHPxOBFo=",
        "System.Security.AccessControl",
        "Z6-yS",
        "#=q1BpeNGUQvsUFoXPmB6q50A==",
        "SvO!$",
        "RestoreProtection",
        "#=qiY1B9yU2oVkPHxhn$y67SFTP8x1Jb0botGqdUGkdpQg=",
        "Timer",
        "#=qkxzumuLbzy2O2XsBlM3j$g==",
        "#=qvQfNpqhSbw_$p1TB3UFgJA==",
        "#=qDBRodZmvuO0qLafxHA9KMQ==",
        "#=qrWXrfWfqyzD06oY$LsE9ww==",
        "SendToServer",
        "=1ZEm",
        "#=qJEtGIBRUjtEusa67yMyqWQ==",
        "#=qVvEn7vdm6JlvG9koG0JUIQ==",
        "WindowsPrincipal",
        "#=qqReemZdhHj1veATVZbU2_Q==",
        "#=qWfwpJtKOXBFXf_1zpmLUrQ==",
        "Collect",
        "#=q5mGK9suCIiUDZgS_YSrSQg==",
        "ReadUInt16",
        "#=qcp_YDS3uDXZMDFWGeFYphA==",
        "MulticastDelegate",
        "#=qP5B75c4g32E_HsewCKc$Ig==",
        "-*&{c",
        "#=q4kB_KjL2oo8adT7lfnt6ew==",
        "#=qPbvCT$UNIh_DPMt5F02Hyw==",
        "#=qKtJTKEkNf2mJVHcZzSW8iQIcsBglzcJJOkX7V_uB55w=",
        "#=q4o4zrrzr7uOw3pySDBOwZtAOdlhvudqcbIbhABkQfe4=",
        "#=qenWi8guqQrvoGB55djo0ka_844yTmViBn5_Fr2X6HAceO7AJErk_Rh7nfkfqtUbq",
        "LockResource",
        "#=q5fG5Wo3pzujuJKotO2WwDQ==",
        "get_BytesTransferred",
        "GetProcessImageFileName",
        ")L>$t",
        "#=qQbsDS5g6rYgVt4AUW_pPJ8MQlCJBs7uyF9EY8OKREmQ=",
        "#=qyYejfncvZCW4q4y4GEV7QqOL4Aox1NSDqQmcpM4TQVA=",
        "|u.4By",
        "#=q0f150kYsIx0s3raR3xq1xQ==",
        "Utils",
        "#=q6ARXRSe2PbSpq5u4_c1Rsw==",
        "#=qpE_mRkS89WMXbQTdLD7bwp4pTt2zrWY_WBF1BLz1fes=",
        "GetEntries",
        "@kEpU6",
        "#=qtussAh$DpHFmu7sm9TXJyZsrjeJ6Xm9c2y22v4wQG2s=",
        "StackTrace",
        "#=qc3tkHe_7v$eGA2x6krh72Q==",
        "ClientSettingChanged",
        "Registry",
        "ProcessStartInfo",
        "#=qXzCb60v8h3v0rPCrGf606Q==",
        "#=qvvhgGCgMlZiK63M2bP1Kcg==",
        "#=qpaOobmVTnUS0322VEUTQd53tn4HeMWSoV2XuTUOmp6U=",
        "#=qCQ9vY8iVniiFr_C0wuoMFHQgjJIll0MjoDGXuPo1hYk=",
        "#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q",
        "HostDetails",
        "#=qwWiTcboLi4zF4ycKWLBprqWhuc6ZDNNDjC8OE8DG1$c=",
        "#=qFTBwGADWl13TibdOa5ODk_Y2qcfMGC4lp4rhrZcE84kZNE6dU4EqEk2ZYKuJAWo9",
        "#=qK7tJUw5nsLE_rt2JHgqYI6_vH0s$mFFB1QifRuMCr34=",
        "#=qKwlvi80KuDBelBsvucNuhRsqXRtqCfWqVH1dUPmd6_o=",
        "#=qzI8efPARogp2CZcGB2UtfAz2tJs0A4fM9fKvuTKYqi8=",
        "-!&o/",
        "1cz[u",
        "#=qphSRC1xHjYarc$NSFAVMID1iP8dwbr6BCaxyrkptDP0=",
        ";6y\\;;",
        "#=qPYtEwg1BZk5tP9KKNl$36tqIdWilqjeWcpWKL2Zxnug=",
        "q F%f\"",
        "#=qmTxGiMA05lTEtoPPV6RFOih4DYS0uxrxPO4vA1H2j6U=",
        "#=qRNkKSXdFDcR_p8Jbzx9WJQ==",
        "IClientUIHost",
        "#=qGvpT_A2MS3Oi797y6jojBg==",
        "#=q0xixHwSTS$a9x5dtNZccvebVLuO4euYOepae9m2S64s=",
        "#=qSJci08l8EqyD9KF0joWzSA==",
        "]\"Q+a-Y6I",
        "afeffefeeffe",
        "y`sRE",
        "#=qYKspnFhL3rrV8a6zSvXJWA==",
        "#=qzAgp3UwWT0075L6Sh4PfZA==",
        "'bpAb",
        "ReadBlockData",
        "AddMinutes",
        "#=qDJ4yS7fCDfIiEVFkwyEE6G3$$73HwRgy2_eKZUkxaSo=",
        "-\"&~k",
        "#=qhE2P2k46jiSSjO86g3nB1MkLGC9_3avDpI7iYbUHr5g=",
        "#=q98hMbgVf4fBR3MKeaM4uQI$YRLQdIr1biYYF5369cW8=",
        "#=q5bws5LlHvLK62TcSJadQTw==",
        "3byRy",
        "W{S2o",
        "#=qP9qYgJs5_O2GP2pI$ho4ZSa8wQkwNQEBMg8VjNRrUWE=",
        "#=qQkx1bBZns8hPde7$PcvfUl2fAairj6t_H8ve7nJO2s3BIB3t7PXd4ZR9h0JHyxrX",
        "ToArray",
        "#=q9LcncGbDdZaeonfU3943IQ==",
        "#=qhufLjssUmkN_mXHuWOXl8gUDxidnVdWY$tHhp2HS0ic=",
        "#=qJpz_ygP5AiHfhtTxRulSsw==",
        "#=qtNbB44E34Ui_i5yJYQ5ntw==",
        "#=q752iy7NeRDzz3UAYRlXXfQ==",
        "get_MetadataToken",
        "#=qAbQ42UrUbGpmkYA2zun7Tg==",
        "#=qFY80y4KcMQywRNP$ttVIXw==",
        "#=q2LHISsr6oVwPjyrC2AFTD2_CdAouK60pDkoTs0efRSU=",
        "#R%W^",
        "get_Item",
        "UInt16",
        "#=qN6ip4UNq3TKArPG3ZZy$zw==",
        "4zSXe$",
        "get_Now",
        "#=qLEtx_37WeiIPQPYSN8vY0qTNiL_L6nA6vkFQwNlcU2Y=",
        "FormWindowState",
        "1i~WO",
        "SQZE!",
        "Delete",
        "ClientUninstalling",
        "<EoY_",
        ":P:n>G",
        "#=q6OqJPhANvYfkdc5uh_IKsUbLoI4zVFCxs4fpu7Vxr_U=",
        "affefeeffe",
        "#=q7uQjJN4fKJgs403tXnERFbQ1VWp3FBsMW_1ZAWZtc1g=",
        "#=q_0gCRmXint4znUKVJR_bzg==",
        "740kw",
        "#=qBk9t7p9S5R095rOkFdE8GQ==",
        "w;O,;)W",
        "#=qT9sog7FujhNJZHxxUXVGPg==",
        "#=qYhk_OkZkBWola80M6EUqow==",
        "#=q74AbaKJhduohKQ4YDrC28g==",
        "#=q2n0wwv9OpsrMrxVUVHoqGw==",
        "#=qVxXNKnhAcArgJoGGYXiyyQ==",
        "#=q8WaW5L3_NY3KPDRN6V9mCI08mHUZbTcARcexWvaAL6A=",
        "String",
        "Mqb $",
        "#=qxe_BfLLMHqYa_KBeLsRfpw==",
        "GetObjectValue",
        "#=qWNtQAckY3EoQ$HeRpEQ9MEcj4oiFXpw6QZThgsGNZIA=",
        "#=qscQJIcBkI9VH8bZTZtABeA==",
        "#=qXULhMbqiur_al62NrjaiXWJ8rme0bKMO8KkV356NZwk=",
        "<generated method>",
        "#=qalo3zYdlWWh$dYSx9JnNrw==",
        "ContainsKey",
        "f9P{%",
        "#=qKaOsg8ghd7KyYDCm3RhDg9KJrf7McwaH92TdOJzSw6s=",
        "#=q60UcvJzzgao2Rv_stV3rQhhxCdm95L1Gb83mKGH1VxQ=",
        "#=qHauijmh2nJ5kHO6fTYBnJFZKkfzkWt5gB4mYS5OLOVc=",
        "#=q2c1dOwAlqEVK063i13$4Vg==",
        "-0&sY",
        "#=qcMb6hxBpdyTwCjvpzaQcC5dS3wbplPqOta7ERz_lMIo=",
        "IEnumerable`1",
        "#=qfLFZgbR_r0GETPSprP6O9w==",
        "#=q3$9MQ9O56ldzMJGDeTdBZw==",
        "ToInt64",
        "#=qkgpjO3I2rdg6Il4nyqzgDw==",
        "#=qSbcOBh8Kf7zb$IciDxPlGw==",
        "4+xNLK6",
        "aT<%u",
        "#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=",
        "#=qKU0J1fiP8KA33eFK1owekQ==",
        "Gs#&f",
        "Console",
        "#=qsR25pLrAgwps$DwdB_BuUbMipiUFFEDkypROuvRRPj4=",
        "#=qKi0KrAcAGUOMcS5S$2tJyg==",
        "-!R,_y",
        "#=q5grPwgEurSn6KutVLS5_oPClPR_aCEdSRk5nKP5bDm4=",
        "B%n!0",
        "#=q8VTskDJ5TyHJcDeWmklddw==",
        "#=qbn24Ox5i732BM_T_R4Q3RtK1pEoSIYmxE9Rba9DDKEA=",
        "SizeofResource",
        "#=q2WFu5tRyicebO6UkQga8SbXrngw5YigfLTTVJqQy1qI=",
        "BaseCommand",
        "I29WQ",
        "System.IO.Compression",
        "#=qwSqLSPEuM8lJy4sOeuH92YjPodcLquqdG$OodozwC60=",
        "Transmission",
        "StackFrame",
        "#=q8d8q1KZbTCKTAZreko1Lug==",
        "#=qgW$Sn0ALOASuZcEZHxiZDaj3mNXTljqLa5onSc7M0U0=",
        "get_Key",
        ":@*I*",
        "V`zy4",
        "Intern",
        "PipeCreated",
        "-,&~C",
        "#=q7b0FP8eSMCctHkHIxEb12w==",
        "#=qG5YZbexfSlZk_cwFxKFh4HaY$Krp4rK2HdCH8OIs4EI=",
        "LogClientMessage",
        "/Had+4",
        "#=qEqEPF0jj3sUIryvQNEKKCV9boaHFZuHXMROqSn28L3g=",
        "#=q9iu_XWrg9WTOw3hVDQcP8ZcABJLoMYtAY0HfRbaBN24=",
        "#=qdDrSQoelY6gHzRt_ma5NQg==",
        "add_ThreadException",
        "AssemblyProductAttribute",
        "#=qwBDUI_NSPNLYbPH4gy$3uQ==",
        "#=qsWAbPBa1yptbB97zoAjeSA==",
        "get_Length",
        "*YZSi",
        "#=qc7QknLi4DrEENw9hVJyfaw==",
        "VariableChanged",
        "#=qN76bQl1CQ6EpIJzS4bbSnw==",
        "#=qA32zcbPIWwOaURCE8zDGfw==",
        "#=qqROT7DfncW7strhZvp0iRQ==",
        "FileInfo",
        "ConstructorInfo",
        "T~4jn",
        "#=qqnp3i0xG3gb2LwEmwQLB8NQerATuB2G0aH1k$$26lgk=",
        "x\\]DM",
        "Change",
        "get_BinaryLength",
        "#=qbWN2780y2PKcyDt_4uktmA==",
        "DialogResult",
        "#=q6wR5WMLGkL9afTpqmWsw9g==",
        "MessageBoxButtons",
        "Activator",
        "#=q48p8EJcbwRuSJ9efJfzTZ7uyOBVlFQpnFVv30w93EJA=",
        "get_IsEnum",
        "#=qrmavK4kbgFTgX3_IUlEoRw==",
        "#=qoygY$KIlhsLDneTXkJ_L9A==",
        "#=qhPbzHXREadcUSl6d6LhVYw==",
        "#=qVCHxDTr$$bwFMb6i9vBKRZciaa69edA3gsLNOty0RAzCorWRBUh2v0PgySYBEvZ0",
        "O?bY<N3",
        "#=qgN8fDYnB$J$X9QGGYQsYuvA6BpDT4GE_ca7JiOh661Q=",
        "ffeeffefeefa",
        "#=q6NenfQbzQYLSZe2oYrhKsEGeaR69wF$W7VvfZPx7lyg=",
        "#=qtRuLPG6CownVXpQS2Jma6EmxR$R$u15FKPRjOSzCUIw=",
        " > |/",
        "-*& r ",
        "#=q6k7flm9GMlPIija7ZH1xJg==",
        "UnhandledExceptionEventArgs",
        "=W~mJ",
        "#=qbLBIoIXYNfJl3x9LHqBWNA==",
        "#=q9RHjNFjnLkbqjNKidtUNeAGLmByWXgbKwjLfhcq9NOc=",
        "List`1",
        "AssemblyCopyrightAttribute",
        "#=q0U3u45cUl83Kicjfx0RmVA==",
        "#=q9T406SLBpfhYfDTkCrB28g==",
        "#=qO0bmWYqIZnaB7Udo1OTvUuiP36Q9Z_7hz6URm1Yr1hM=",
        "#=qibDx9sEkAVZroec7HmNu4g==",
        "4System.Web.Services.Protocols.SoapHttpClientProtocol",
        "#=q6V4Kle56uZFNUY$zkrrKJQ==",
        "ToByteArray",
        "ICryptoTransform",
        "3u1,O",
        "(2YGk",
        "#=qzDzg9a$HVGG1G5cdhqbdwO3OG_SFijGXN8Towa37$TQ=",
        "#=qd4_A7Y1qGQ8QAgHfK8_ssQ==",
        "#=q3qYAJGveL_cxux6_2m4Vaw==",
        "TryParse",
        "#=qDB62T9X0iP_6WNTXOuwQnA==",
        "PipeClosed",
        "#=q8eJA0L4q0RMnuOJCvpFj3133vZRxVnxvHST9vysUWYQ=",
        "Array",
        "Microsoft.VisualBasic.ApplicationServices",
        "#=qpQiSeXaCc6qGNX49vDbcMYyzv_UpV$YoUyrH0l6FW6Q="
      ],
      "virustotal": {
        "error": true,
        "msg": "VT File lookup disabled in processing.conf"
      },
      "executed_tools": [
        "overlay",
        "msi_extract",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "cape_type_code": 0,
      "cape_type": "NanoCore Payload: 32-bit executable"
    }
  },
  "detections": [
    {
      "family": "NanoCore",
      "details": [
        {
          "Yara": "2c14151d8f546aed480a7eda9be556bd37831020a3ab6d40eb993c260c9ee26b"
        },
        {
          "Behavior": ""
        }
      ]
    }
  ],
  "procdump": [
    {
      "name": "e4dd7d882e7afe04c9b7bddfc0a6251193152d26b730d2625db3646f88c717b3",
      "path": "/opt/CAPEv2/storage/analyses/47/procdump/e4dd7d882e7afe04c9b7bddfc0a6251193152d26b730d2625db3646f88c717b3",
      "guest_paths": "1;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?",
      "size": 91136,
      "crc32": "2C5E18AA",
      "md5": "7b798ec5a4fab49bb47b934b73dc2a14",
      "sha1": "e07ecbff698af029c14f8b155c34a3c75827fdb3",
      "sha256": "e4dd7d882e7afe04c9b7bddfc0a6251193152d26b730d2625db3646f88c717b3",
      "sha512": "69c7c3dce712af8e5e6d5629ac50dc6321ef3a54147017632a1bbc783c65c7e8a19770a78757e9773d035cbbe1f8b5a7c7889cb8be3e1d4ec6e7eda474b220b7",
      "rh_hash": null,
      "ssdeep": "1536:Xdw7/pRromCZr1BuscKvaopCrYNbdFLGVUruvaSsLsbUbdkFBpNUc+qKDpukM:NM/prm1BusvvaMC8xFYxvG+UbO3Qc+1w",
      "type": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows",
      "yara": [
        {
          "name": "IsPE32",
          "meta": {},
          "strings": [],
          "addresses": {}
        },
        {
          "name": "IsWindowsGUI",
          "meta": {},
          "strings": [],
          "addresses": {}
        },
        {
          "name": "IsPacked",
          "meta": {
            "description": "Entropy Check"
          },
          "strings": [],
          "addresses": {}
        }
      ],
      "cape_yara": [],
      "clamav": [],
      "tlsh": "T13B93124DC817AF29C85AA2FB05B318C3523C219317DFAF33158E7465157A63BBA25B44",
      "sha3_384": "e806a0212de819f4b61e690e1de386b470e36157562a91056693ceaa993f4fc85c4f2d9a703126d07396c4162e2901b5",
      "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
      "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
      "pe": {
        "guest_signers": {
          "aux_sha1": null,
          "aux_timestamp": null,
          "aux_valid": false,
          "aux_error": true,
          "aux_error_desc": "No signature found.",
          "aux_signers": []
        },
        "digital_signers": [],
        "imagebase": "0x00400000",
        "entrypoint": "0x0001e792",
        "ep_bytes": "",
        "peid_signatures": null,
        "reported_checksum": "0x00000000",
        "actual_checksum": "0x000206d1",
        "osversion": "4.0",
        "machine_type": "IMAGE_FILE_MACHINE_I386",
        "pdbpath": null,
        "imports": {},
        "exported_dll_name": null,
        "exports": [],
        "dirents": [
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
            "virtual_address": "0x0001e738",
            "size": "0x00000057"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
            "virtual_address": "0x00022000",
            "size": "0x00015fa8"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
            "virtual_address": "0x00020000",
            "size": "0x0000000c"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_TLS",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IAT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
            "virtual_address": "0x00002008",
            "size": "0x00000048"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          }
        ],
        "sections": [
          {
            "name": ".text",
            "raw_address": "0x00000400",
            "virtual_address": "0x00002000",
            "virtual_size": "0x0001e000",
            "size_of_data": "0x00000000",
            "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xe0000020",
            "entropy": "0.00"
          },
          {
            "name": ".reloc",
            "raw_address": "0x00000400",
            "virtual_address": "0x00020000",
            "virtual_size": "0x00002000",
            "size_of_data": "0x00000000",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x42000040",
            "entropy": "0.00"
          },
          {
            "name": ".rsrc",
            "raw_address": "0x00000400",
            "virtual_address": "0x00022000",
            "virtual_size": "0x00016000",
            "size_of_data": "0x00016000",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x40000040",
            "entropy": "8.00"
          }
        ],
        "overlay": null,
        "resources": [
          {
            "name": "RT_RCDATA",
            "offset": "0x00022058",
            "size": "0x00015f50",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "8.00"
          }
        ],
        "versioninfo": [],
        "imphash": "",
        "timestamp": "2015-02-22 00:49:37",
        "icon": null,
        "icon_hash": null,
        "icon_fuzzy": null,
        "icon_dhash": null
      },
      "data": null,
      "strings": [
        "*%x(#",
        "HOf{`",
        "|\"$V1",
        "ah@GI",
        "KNTzW",
        "xFPb*",
        "=DLV(",
        "&DL9/M",
        "f!~>~j",
        "c`RGU0",
        "4{'Wg",
        ":UkKI",
        "_XvmS",
        "2}}bV",
        "b0+MtA",
        "\\M/e(",
        "}*Skz#\\r",
        "v_E7o",
        "bZ-zT",
        ":X<y]",
        "!d{t,bk",
        "h;?N^7",
        "4'aDHS{D<",
        "=!#0jR",
        ",sNo}",
        "1j@@C",
        "PzHP/SB",
        "U&3d>{",
        ">j|:\"",
        "\")cs`",
        "P1K.d",
        "&Hj<q",
        ";!5mi",
        "{!rE[",
        "2H^}~I*-;",
        "iFl8H",
        "!<zuJ",
        ".text",
        "PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX",
        "W\\q_b",
        "xD1\\GA",
        ".t}Dy",
        "|\"{t8",
        "{1RMi",
        "eHngd;I'",
        "0*KfE[",
        "<Njgc",
        "'k>}T",
        "rG~$5",
        "a%sdRwu",
        "TLDP@",
        "N1-M0",
        "%5HEl+?",
        "%d/RXj",
        "U-hW*",
        "7;TB S",
        "lw&y_",
        "Q@Xr_",
        "B)b;q",
        "JUz|G",
        "5/fKR\\",
        "e9j,2",
        "_$cN4pZ",
        "{%PH7M",
        "Yvc),",
        "z7zqT",
        "Q!Y+M",
        "t/[C#XKs",
        "TBXJD",
        "g/)p[",
        "B8h%X",
        "beh~@",
        "x&bLGY",
        "05MB0",
        "^85<E",
        "!^X:L",
        "7&NM\\",
        "xI\"MVk",
        "$F0@_",
        "m1hxT",
        "Ae6=x",
        "PN_&7w",
        "eN)9qy",
        "%i]xD",
        "c@9J`#",
        "S4ub.o'",
        "aJCc<",
        "#3uzz",
        "M8w<+",
        "W5LWz",
        "rv/1D",
        "q6Z>]",
        "e?A?v",
        "{J82]",
        "KJkhAEW*\\",
        "cV?Z|N'",
        "5s4*D",
        "n6X_V",
        "%InJca",
        "($(6h",
        "BSn][g",
        " c,g`",
        "*PuZI",
        "l[WM%",
        "WMPZv",
        "/U-WT}",
        "XKic8",
        ";_Zf[",
        "J.eD$",
        "Rb:1>@",
        "f11Yo",
        "v/,En\\",
        "C4vSd",
        "'ZI&m",
        "6t|Oj",
        "s~F,r",
        "aC@5=",
        "48saj",
        "/QX}e",
        "+.Pb/",
        "OU)=\"",
        "ubd_A|^",
        "Wsr!&",
        "LM|s6&",
        "pe&fz",
        "~(0(UV",
        "h]rYT\\",
        "suq)-\"",
        ">Na.q~",
        "<K}H0r",
        "0aQ^C",
        "I16QY",
        "_g0,g",
        "B.u91E",
        "OX5-n",
        "haE4k",
        "Xj08'",
        "FzAV/k!",
        "`uc0^],\"",
        "$_di;",
        "2jx>7",
        "oFu$!",
        "<_bG;ZY",
        "s8=V<",
        "JafPr",
        "`<hNE",
        "y{jA ",
        "N9Iknq",
        "!This program cannot be run in DOS mode.",
        "0vn50\\",
        "dyt-W",
        "c`iD>",
        "TGpuY",
        "8uk-|",
        "b|g+-",
        "evb3+sG",
        "`5q}'pG",
        "rYs|e",
        "rm-^|",
        "G4pEt",
        "#VO'S",
        "g=KP&",
        "43s@a",
        "NE7WV",
        "\\^lE_",
        ",@Nrs8r",
        ",g>m1<",
        "-[L=k",
        "1)!1_",
        "_/o{U(A{",
        "7I)qt",
        "GY!>yw",
        "u~-U8",
        "/.B!n",
        "V`6Xa",
        "=oRe%L6j",
        "{p@==",
        "]H1e%",
        "MKV)/>",
        "_R@5h.",
        ".reloc",
        "sRvb\\",
        "He?J^",
        "<EU|L",
        "VDw){",
        "bN;k0",
        "v\"HAzCG",
        "v9?*<",
        "DEcW{",
        "Z^OGV>.",
        "DC[(H\\C",
        "Cf{vp",
        "B8i\"~",
        "SvO!$",
        "\\CZM8",
        "&'E,]",
        "gw~L\\",
        "9beO0o",
        "|5rpe7",
        "=1ZEm",
        "U!+sTj",
        "'6KfR7O",
        "0e%.d|",
        "Wq(`eA]",
        "Xy{K-",
        "32EJC6u;IYz9",
        "Lw;(\"",
        "}Fu\"$b",
        "^RH\"-&",
        "3[@N:",
        "+C? 0H",
        "~&h9W",
        "bBQZ`",
        "-kL?R",
        "'5$&;",
        "S$'U|",
        "#mvl9",
        ")L>$t",
        "|u.4By",
        "F% 6[Me",
        "p20S:[!",
        "M`o}+",
        "!7k&Y",
        "@kEpU6",
        "/l\\g06",
        "1i^I2p",
        "KseXr",
        "D>)TY",
        "ptQY1D",
        "c1 [1",
        "48zmp",
        "uP}b7",
        "ZRvcv",
        "Vy`?:o",
        "0J8>')",
        "$>lPy",
        "9g}MS",
        "1cz[u",
        ";6y\\;;",
        "q F%f\"",
        "9RNWA",
        "y`sRE",
        "Ns\\8OX",
        "+`(Gb",
        "&2+0\\",
        "HdXLH.",
        "krmWR",
        "/!|Sq",
        "'bpAb",
        "d)PG ",
        "3byRy",
        "W{S2o",
        "%vz4x",
        "t:0e)W",
        "4+Ot=]",
        "CU fL",
        "#R%W^",
        "4FS;,MM",
        "D|3[5",
        "4zSXe$",
        "bIC)<",
        ".a;*x",
        ",@W<z]F",
        "1i~WO",
        "G&Eg\\",
        "SQZE!",
        "!].p]",
        "<EoY_",
        ":P:n>G",
        "B.dIs",
        "B.rsrc",
        "V._H8",
        "ubzrn*",
        "740kw",
        "a!5aE",
        "w;O,;)W",
        "mBS|c",
        "C{A/{",
        "1;sKPkj",
        "]I]XLh$*A",
        "lSgV'",
        "2N`i!",
        "go,NAw",
        "WdSH6",
        "|I5v}",
        "Mqb $",
        "z#cuch6ZI",
        "i,Id`",
        "f9P{%",
        "Qo)hSX",
        "mb]OE)u",
        "@4;oOB",
        "fSgHd",
        "L3&UNmY^!^",
        "/;ol]",
        "|.euR",
        ")}8.m",
        "oL)c3",
        "c_Nd<",
        "jsND)F",
        "4+xNLK6",
        "aT<%u",
        "@iOLO>??3",
        "|*mnk2B",
        "Gs#&f",
        "-!R,_y",
        "C{]_o",
        "j#'B=C",
        "B%n!0",
        "C4rwC",
        "b'Ohi",
        "I29WQ",
        "^s,}W",
        ",Q:i7",
        "Si+ze",
        "%XfzR(Z",
        "4.'[G",
        "xUB.i",
        "NW@5q",
        ":@*I*",
        "V`zy4",
        "!e~uh",
        "/Had+4",
        "Ko*/B",
        "]FG;K3k",
        "fAE`C",
        "FYodp$",
        "ZLvpY",
        "*YZSi",
        "]%vkmj",
        "\\8SYH",
        ".*%6M",
        ".]7=2_la$U<",
        "T~4jn",
        "!U7aX",
        "x\\]DM",
        "-SK1$",
        "BS<R>",
        "aBXL!C",
        "49#m`.",
        "v,=E.j",
        "X8.2@$3",
        "O?bY<N3",
        "x!3GE-",
        "MF{B.\\,",
        "{G!0'",
        "_}<>b(",
        "@pN_02Z",
        "!V,(q",
        "U/<Np",
        "c[Zpv",
        " > |/",
        "6BAna",
        "TMpO|}-",
        "OlfJ@",
        "=W~mJ",
        "QLgQ=",
        "@DFe]g",
        "c!};z",
        "Tk~rs",
        "nT={iz",
        "{4u-1u",
        "(~3c82",
        "3u1,O",
        "ha|H=+'",
        "(2YGk",
        ".4Ccq",
        "PD/wj",
        "+^Tw.",
        "}qh3`",
        "'UD_'j",
        "OKoB<"
      ],
      "virustotal": {
        "error": true,
        "msg": "VT File lookup disabled in processing.conf"
      },
      "executed_tools": [
        "overlay",
        "msi_extract",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "cape_type_code": 1,
      "cape_type": "",
      "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
      "process_name": "sex1.exe",
      "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
      "pid": 6648
    }
  ],
  "dropped": [
    {
      "name": [
        "tmp2CBA.tmp"
      ],
      "path": "/opt/CAPEv2/storage/analyses/47/files/067d3f5167cab2ea4e76f59386df4eaf49c6008f6451e1971274a938ad7bcf44",
      "guest_paths": [
        "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp"
      ],
      "size": 1308,
      "crc32": "DFC53F5D",
      "md5": "f3cda3e6bab1951e8d59c3eb775a14c6",
      "sha1": "434c1ec851a45c0505fd8fd28159f549e2e9adfd",
      "sha256": "067d3f5167cab2ea4e76f59386df4eaf49c6008f6451e1971274a938ad7bcf44",
      "sha512": "bc79446e4e0204c04abcacef6799aeafe7915c1a5c6bdb3573ba40370d6a6a1e2590eb6315151d12a9447970f993a17463442c5dc0ba97c58df17dddfd73d62c",
      "rh_hash": null,
      "ssdeep": "24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0RyKqhxtn:cbk4oL600QydbQxIYODOLedq3SyKUj",
      "type": "XML 1.0 document, ASCII text, with CRLF line terminators",
      "yara": [],
      "cape_yara": [],
      "clamav": [],
      "tlsh": "T15021C064ACC0F61B66715625A39197C2DF2A97A301564138FCCC4E7F2FB6186305356B",
      "sha3_384": "1eb93f230a5f047b6d766169b634e81bfc13787304efced3c798eae10e87825e08181f98f6e13bfa644749fba3b38ee6",
      "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
      "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
      "data": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\n  <RegistrationInfo />\n  <Triggers />\n  <Principals>\n    <Principal id=\"Author\">\n      <LogonType>InteractiveToken</LogonType>\n      <RunLevel>HighestAvailable</RunLevel>\n    </Principal>\n  </Principals>\n  <Settings>\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\n    <AllowHardTerminate>true</AllowHardTerminate>\n    <StartWhenAvailable>false</StartWhenAvailable>\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\n    <IdleSettings>\n      <StopOnIdleEnd>false</StopOnIdleEnd>\n      <RestartOnIdle>false</RestartOnIdle>\n    </IdleSettings>\n    <AllowStartOnDemand>true</AllowStartOnDemand>\n    <Enabled>true</Enabled>\n    <Hidden>false</Hidden>\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\n    <WakeToRun>false</WakeToRun>\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\n    <Priority>4</Priority>\n  </Settings>\n  <Actions Context=\"Author\">\n    <Exec>\n      <Command>\"C:\\Program Files (x86)\\WAN Manager\\wanmgr.exe\"</Command>\n      <Arguments>$(Arg0)</Arguments>\n    </Exec>\n  </Actions>\n</Task>",
      "strings": [],
      "virustotal": {
        "error": true,
        "msg": "VT File lookup disabled in processing.conf"
      },
      "executed_tools": [
        "overlay",
        "msi_extract",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "cape_type_code": 0,
      "cape_type": "",
      "pid": 6648
    },
    {
      "name": [
        "task.dat"
      ],
      "path": "/opt/CAPEv2/storage/analyses/47/files/18dfaf9bd0867e40bf38b6f31369867a9d3ed42ac0a7a313753ad173556a4225",
      "guest_paths": [
        "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\task.dat"
      ],
      "size": 41,
      "crc32": "7ED1E097",
      "md5": "a6bbb34741376ac2a4a2ae37846e6e08",
      "sha1": "febe5edca9a7b94cc4b96a51cc41aa2850ad6c5c",
      "sha256": "18dfaf9bd0867e40bf38b6f31369867a9d3ed42ac0a7a313753ad173556a4225",
      "sha512": "439a2958149c5e11fff10111269752d42ed625397c1d710c76bd7e0387ecdeb4c12df45a9038de780e3ccd6ff997d306ebb985bee039d97dc9cc97ab19e61f80",
      "rh_hash": null,
      "ssdeep": "3:oNTqE2J5xAIpULACn:oNb23fAn",
      "type": "ASCII text, with no line terminators",
      "yara": [],
      "cape_yara": [],
      "clamav": [],
      "tlsh": null,
      "sha3_384": "dabe121803234b876b9f7dbc5bdc37931bbc7596ada27081a6f83f04d92fc52add147059f0169848d1efb86094046b3d",
      "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
      "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
      "data": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
      "strings": [],
      "virustotal": {
        "error": true,
        "msg": "VT File lookup disabled in processing.conf"
      },
      "executed_tools": [
        "overlay",
        "msi_extract",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "cape_type_code": 0,
      "cape_type": "",
      "pid": 6648
    },
    {
      "name": [
        "tmp16B1.tmp"
      ],
      "path": "/opt/CAPEv2/storage/analyses/47/files/4931757751d7c9d49e74bf11f86be68591998ab3608b8a0d8cca6b531f1451a6",
      "guest_paths": [
        "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp"
      ],
      "size": 1304,
      "crc32": "FA07A1F8",
      "md5": "f08fb725f4cb00c9cbdaea414924186b",
      "sha1": "213e1ba4cbf97cc15078aa7525dfdf1ec14765b9",
      "sha256": "4931757751d7c9d49e74bf11f86be68591998ab3608b8a0d8cca6b531f1451a6",
      "sha512": "d25a30b1f36ff3acb53ed5ed1604bca83a9d4742bc2deaa8fd0d5ef0f5d8a8c8f3b8ff836fdfc33cc0b938859389d530ca8d720f15b8a10b9b14b6a2fb57284f",
      "rh_hash": null,
      "ssdeep": "24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0yoXxtn:cbk4oL600QydbQxIYODOLedq3boXj",
      "type": "XML 1.0 document, ASCII text, with CRLF line terminators",
      "yara": [],
      "cape_yara": [],
      "clamav": [],
      "tlsh": "T1FB219D68ACC0F61F66B19629A39197C2DE2A97A301564138FCCC4E7F3FB6186305356B",
      "sha3_384": "452153ccc56a1af13a66cebb3214161d2b6cd027af8cd95f1bc82c7e0b79207d51a73a446f4d20801a0db02147b66883",
      "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
      "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
      "data": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\n  <RegistrationInfo />\n  <Triggers />\n  <Principals>\n    <Principal id=\"Author\">\n      <LogonType>InteractiveToken</LogonType>\n      <RunLevel>HighestAvailable</RunLevel>\n    </Principal>\n  </Principals>\n  <Settings>\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\n    <AllowHardTerminate>true</AllowHardTerminate>\n    <StartWhenAvailable>false</StartWhenAvailable>\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\n    <IdleSettings>\n      <StopOnIdleEnd>false</StopOnIdleEnd>\n      <RestartOnIdle>false</RestartOnIdle>\n    </IdleSettings>\n    <AllowStartOnDemand>true</AllowStartOnDemand>\n    <Enabled>true</Enabled>\n    <Hidden>false</Hidden>\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\n    <WakeToRun>false</WakeToRun>\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\n    <Priority>4</Priority>\n  </Settings>\n  <Actions Context=\"Author\">\n    <Exec>\n      <Command>\"C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe\"</Command>\n      <Arguments>$(Arg0)</Arguments>\n    </Exec>\n  </Actions>\n</Task>",
      "strings": [],
      "virustotal": {
        "error": true,
        "msg": "VT File lookup disabled in processing.conf"
      },
      "executed_tools": [
        "overlay",
        "msi_extract",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "cape_type_code": 0,
      "cape_type": "",
      "pid": 6648
    },
    {
      "name": [
        "run.dat"
      ],
      "path": "/opt/CAPEv2/storage/analyses/47/files/36bafa5002051a4b9b6881e5a98a99819e4d0b662428a35760be4ff269b74707",
      "guest_paths": [
        "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\run.dat"
      ],
      "size": 8,
      "crc32": "74E3501B",
      "md5": "92f616e30feb8f3c9fcbb420cdb90f4b",
      "sha1": "16c273b953b195e0d6f5341b9e41b4b6963290c7",
      "sha256": "36bafa5002051a4b9b6881e5a98a99819e4d0b662428a35760be4ff269b74707",
      "sha512": "37358ecc84a4edc24a65efe39b3f76ec76860c291e9faf4313c69929ab1374b17f383e614b55e4341dc86e2de4cbbd1110cfbd5fc07eb6cedc51e134c55c7dab",
      "rh_hash": null,
      "ssdeep": "3:Nw/t:+l",
      "type": "data",
      "yara": [],
      "cape_yara": [],
      "clamav": [],
      "tlsh": null,
      "sha3_384": "1663741d0a38596f6a5bcc30f66040acdc4265e0770884324e77a3558cbf9d0f8141b984af379c5558bff5942ffd80db",
      "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
      "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
      "data": null,
      "strings": [],
      "virustotal": {
        "error": true,
        "msg": "VT File lookup disabled in processing.conf"
      },
      "executed_tools": [
        "overlay",
        "msi_extract",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "cape_type_code": 0,
      "cape_type": "",
      "pid": 6648
    }
  ],
  "CAPE": {
    "payloads": [
      {
        "name": "61e9d5c0727665e9ef3f328141397be47c65ed11ab621c644b5bbf1d67138403",
        "path": "/opt/CAPEv2/storage/analyses/47/CAPE/61e9d5c0727665e9ef3f328141397be47c65ed11ab621c644b5bbf1d67138403",
        "guest_paths": "8;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?0x08110000;?",
        "size": 19968,
        "crc32": "BE3B83AB",
        "md5": "bdc8945f1d799c845408522e372d1dbd",
        "sha1": "874b7c3c97cc5b13b9dd172fec5a54bc1f258005",
        "sha256": "61e9d5c0727665e9ef3f328141397be47c65ed11ab621c644b5bbf1d67138403",
        "sha512": "4fa0ed4ef66e4c442f5fc628e8bfc8a4f84cb213210643996d9387027edb619c054f6104ac889ae77cece09f0304f95d5f20e14d66847e2d382ef51eecec0962",
        "rh_hash": null,
        "ssdeep": "192:VYLQui6h6p5WW3tZVTnlYJL/eLYLTr2/C8:VYLQu/6/fKqLYLTR",
        "type": "PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows",
        "yara": [
          {
            "name": "DITEKSHEN_MALWARE_Win_Nanocore",
            "meta": {
              "description": "Detects NanoCore",
              "author": "ditekSHen",
              "id": "931b98f6-df2b-538b-bc49-ecbbd24334da",
              "date": "2020-11-06",
              "modified": "2024-11-01",
              "reference": "https://github.com/ditekshen/detection",
              "source_url": "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/malware.yar#L7654-L7681",
              "license_url": "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt",
              "logic_hash": "6336260e0af2b4b51338ee066f41b7c58aa134a6c03ca110db7e088edf2b65a7",
              "score": 75,
              "quality": 75,
              "tags": "FILE"
            },
            "strings": [
              "NanoCore.ClientPlugin",
              "NanoCore.ClientPluginHost",
              "IClientApp",
              "IClientData",
              "IClientNetwork",
              "IClientAppHost",
              "IClientDataHost",
              "IClientLoggingHost",
              "IClientNetworkHost",
              "IClientUIHost",
              "IClientNameObjectCollection",
              "IClientReadOnlyNameObjectCollection",
              "ClientPlugin",
              "get_ClientSettings",
              "get_Connected"
            ],
            "addresses": {
              "x2": 3640,
              "x3": 3701,
              "i1": 3674,
              "i2": 3662,
              "i3": 3625,
              "i4": 3779,
              "i5": 3685,
              "i6": 3760,
              "i7": 3727,
              "i8": 3746,
              "i9": 3794,
              "i10": 3831,
              "s1": 6025,
              "s6": 4601,
              "s7": 4681
            }
          },
          {
            "name": "Windows_Trojan_Nanocore_d8c4e3c5",
            "meta": {
              "author": "Elastic Security",
              "id": "d8c4e3c5-8bcc-43d2-9104-fa3774282da5",
              "fingerprint": "e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4",
              "creation_date": "2021-06-13",
              "last_modified": "2021-08-23",
              "threat_name": "Windows.Trojan.Nanocore",
              "reference_sample": "b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd",
              "severity": 100,
              "arch_context": "x86, arm64",
              "scan_context": "file, memory",
              "license": "Elastic License v2",
              "os": "windows"
            },
            "strings": [
              "NanoCore.ClientPluginHost",
              "NanoCore.ClientPlugin",
              "get_BuilderSettings",
              "IClientAppHost",
              "AddHostEntry",
              "LogClientException",
              "PipeExists",
              "IClientLoggingHost"
            ],
            "addresses": {
              "a1": 3701,
              "a2": 3640,
              "b1": 4620,
              "b4": 3779,
              "b6": 4733,
              "b7": 4844,
              "b8": 4705,
              "b9": 3760
            }
          },
          {
            "name": "Nanocore_RAT_Gen_2",
            "meta": {
              "description": "Detects the Nanocore RAT",
              "author": "Florian Roth",
              "score": 100,
              "reference": "https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/",
              "date": "2016-04-22",
              "hash1": "755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050"
            },
            "strings": [
              "NanoCore.ClientPluginHost",
              "IClientNetworkHost"
            ],
            "addresses": {
              "x1": 3701,
              "x2": 3727
            }
          },
          {
            "name": "NETDLLMicrosoft",
            "meta": {
              "author": "malware-lu"
            },
            "strings": [
              "{ 00 00 00 00 00 00 00 00 5F 43 6F 72 44 6C 6C 4D 61 69 6E 00 6D 73 63 6F 72 65 65 2E 64 6C 6C 00 00 00 00 00 FF 25 }"
            ],
            "addresses": {
              "a0": 6858
            }
          },
          {
            "name": "IsPE32",
            "meta": {},
            "strings": [],
            "addresses": {}
          },
          {
            "name": "IsNET_DLL",
            "meta": {},
            "strings": [],
            "addresses": {}
          },
          {
            "name": "IsDLL",
            "meta": {},
            "strings": [],
            "addresses": {}
          },
          {
            "name": "IsWindowsGUI",
            "meta": {},
            "strings": [],
            "addresses": {}
          },
          {
            "name": "Microsoft_Visual_Studio_NET",
            "meta": {},
            "strings": [
              "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
            ],
            "addresses": {
              "a": 6894
            }
          },
          {
            "name": "Microsoft_Visual_C_v70_Basic_NET_additional",
            "meta": {},
            "strings": [
              "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
            ],
            "addresses": {
              "a": 6894
            }
          },
          {
            "name": "Microsoft_Visual_C_Basic_NET",
            "meta": {},
            "strings": [
              "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
            ],
            "addresses": {
              "b": 6894
            }
          },
          {
            "name": "Microsoft_Visual_Studio_NET_additional",
            "meta": {},
            "strings": [
              "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
            ],
            "addresses": {
              "a": 6894
            }
          },
          {
            "name": "Microsoft_Visual_C_v70_Basic_NET",
            "meta": {},
            "strings": [
              "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
            ],
            "addresses": {
              "b": 6894
            }
          },
          {
            "name": "NET_executable_",
            "meta": {},
            "strings": [
              "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
            ],
            "addresses": {
              "a": 6894
            }
          },
          {
            "name": "NET_executable",
            "meta": {},
            "strings": [
              "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
            ],
            "addresses": {
              "b": 6894
            }
          }
        ],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T1CA924D1362CE7DE6E5B916303B3387C1C72DDE041653DA2E16D87629E97E2833A523D8",
        "sha3_384": "34e76812c5bbcc4e39114f9560b049a9e8ac0f74800b55f33641134edf5dfb32ff8a420a55be3ca4c294e8d1f69db255",
        "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "pe": {
          "guest_signers": {
            "aux_sha1": null,
            "aux_timestamp": null,
            "aux_valid": false,
            "aux_error": true,
            "aux_error_desc": "No signature found.",
            "aux_signers": []
          },
          "digital_signers": [],
          "imagebase": "0x00400000",
          "entrypoint": "0x000038ee",
          "ep_bytes": "ff250020400000000000000000000000",
          "peid_signatures": null,
          "reported_checksum": "0x00000000",
          "actual_checksum": "0x0000721e",
          "osversion": "4.0",
          "machine_type": "IMAGE_FILE_MACHINE_I386",
          "pdbpath": null,
          "imports": {
            "mscoree": {
              "dll": "mscoree.dll",
              "imports": [
                {
                  "address": "0x402000",
                  "name": "_CorDllMain"
                }
              ]
            }
          },
          "exported_dll_name": null,
          "exports": [],
          "dirents": [
            {
              "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
              "virtual_address": "0x0000389c",
              "size": "0x0000004f"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
              "virtual_address": "0x00004000",
              "size": "0x00002f58"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
              "virtual_address": "0x00008000",
              "size": "0x0000000c"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_TLS",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_IAT",
              "virtual_address": "0x00002000",
              "size": "0x00000008"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
              "virtual_address": "0x00002008",
              "size": "0x00000048"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            }
          ],
          "sections": [
            {
              "name": ".text",
              "raw_address": "0x00000200",
              "virtual_address": "0x00002000",
              "virtual_size": "0x000018f4",
              "size_of_data": "0x00001a00",
              "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
              "characteristics_raw": "0x60000020",
              "entropy": "5.26"
            },
            {
              "name": ".rsrc",
              "raw_address": "0x00001c00",
              "virtual_address": "0x00004000",
              "virtual_size": "0x00002f58",
              "size_of_data": "0x00003000",
              "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
              "characteristics_raw": "0x40000040",
              "entropy": "3.31"
            },
            {
              "name": ".reloc",
              "raw_address": "0x00004c00",
              "virtual_address": "0x00008000",
              "virtual_size": "0x0000000c",
              "size_of_data": "0x00000200",
              "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
              "characteristics_raw": "0x42000040",
              "entropy": "0.08"
            }
          ],
          "overlay": null,
          "resources": [
            {
              "name": "RT_ICON",
              "offset": "0x00004468",
              "size": "0x000002e8",
              "filetype": null,
              "language": "LANG_NEUTRAL",
              "sublanguage": "SUBLANG_NEUTRAL",
              "entropy": "1.71"
            },
            {
              "name": "RT_ICON",
              "offset": "0x00004750",
              "size": "0x00000128",
              "filetype": null,
              "language": "LANG_NEUTRAL",
              "sublanguage": "SUBLANG_NEUTRAL",
              "entropy": "2.08"
            },
            {
              "name": "RT_ICON",
              "offset": "0x00004878",
              "size": "0x000008a8",
              "filetype": null,
              "language": "LANG_NEUTRAL",
              "sublanguage": "SUBLANG_NEUTRAL",
              "entropy": "1.72"
            },
            {
              "name": "RT_ICON",
              "offset": "0x00005120",
              "size": "0x00000568",
              "filetype": null,
              "language": "LANG_NEUTRAL",
              "sublanguage": "SUBLANG_NEUTRAL",
              "entropy": "1.05"
            },
            {
              "name": "RT_ICON",
              "offset": "0x00005688",
              "size": "0x00000353",
              "filetype": null,
              "language": "LANG_NEUTRAL",
              "sublanguage": "SUBLANG_NEUTRAL",
              "entropy": "4.05"
            },
            {
              "name": "RT_ICON",
              "offset": "0x000059e0",
              "size": "0x000010a8",
              "filetype": null,
              "language": "LANG_NEUTRAL",
              "sublanguage": "SUBLANG_NEUTRAL",
              "entropy": "2.72"
            },
            {
              "name": "RT_ICON",
              "offset": "0x00006a88",
              "size": "0x00000468",
              "filetype": null,
              "language": "LANG_NEUTRAL",
              "sublanguage": "SUBLANG_NEUTRAL",
              "entropy": "2.76"
            },
            {
              "name": "RT_GROUP_ICON",
              "offset": "0x00006ef0",
              "size": "0x00000068",
              "filetype": null,
              "language": "LANG_NEUTRAL",
              "sublanguage": "SUBLANG_NEUTRAL",
              "entropy": "2.69"
            },
            {
              "name": "RT_VERSION",
              "offset": "0x00004208",
              "size": "0x0000025c",
              "filetype": null,
              "language": "LANG_NEUTRAL",
              "sublanguage": "SUBLANG_NEUTRAL",
              "entropy": "3.23"
            }
          ],
          "versioninfo": [
            {
              "name": "Translation",
              "value": "0x0000 0x04b0"
            },
            {
              "name": "FileDescription",
              "value": " "
            },
            {
              "name": "FileVersion",
              "value": "1.2.0.0"
            },
            {
              "name": "InternalName",
              "value": "ClientPlugin.dll"
            },
            {
              "name": "LegalCopyright",
              "value": " "
            },
            {
              "name": "OriginalFilename",
              "value": "ClientPlugin.dll"
            },
            {
              "name": "ProductVersion",
              "value": "1.2.0.0"
            },
            {
              "name": "Assembly Version",
              "value": "1.2.0.0"
            }
          ],
          "imphash": "dae02f32a21e03ce65412f6e56942daa",
          "timestamp": "2014-11-23 01:09:01",
          "icon": "iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAY0lEQVR4nO3XIQ6AMBBE0YH0eGuAcwKmZ1sLCkHRZUj4o9qaeVmzqfT3DJl5OAGjs1ySynWIiFeLa62SPjABAABK+7Cte9fCeZlud/sEAAAAAAAAADvgsY7bddk79gnwMSH2nLDUDvNx5OJLAAAAAElFTkSuQmCC",
          "icon_hash": "f66c7c86e9ab59ef3f289acd613a3738",
          "icon_fuzzy": "c3ca946d749a15ad18efd3e5d7b0d8f5",
          "icon_dhash": "454545d4d4d44503",
          "imported_dll_count": 1
        },
        "data": null,
        "strings": [
          "System.CodeDom.Compiler",
          "get_ClientSettings",
          "RestoreProtection",
          "mscoree.dll",
          "EntryExists",
          "params",
          "Assembly Version",
          "ClientPlugin.dll",
          "SendToServer",
          "RebuildHostCache",
          "m_Context",
          "KeyValuePair`2",
          "GetObjectValue",
          "set_Value",
          "TargetMethod",
          "My.Application",
          "1.2.0.0",
          "NanoCore.My",
          "IDATx",
          "Microsoft.VisualBasic.CompilerServices",
          "InternalName",
          "message",
          "System",
          "#Blob",
          "_CorDllMain",
          "System.Diagnostics",
          "MulticastDelegate",
          "ClientPlugin",
          "ComVisibleAttribute",
          "MyApplication",
          "IClientNameObjectCollection",
          "MyGroupCollectionAttribute",
          "EditorBrowsableAttribute",
          "pipeName",
          "AddHostEntry",
          "ParamArrayAttribute",
          "MyComputer",
          "BeginInvoke",
          ".ctor",
          "MyProject",
          "compress",
          "ThreadSafeObjectProvider`1",
          "LogClientException",
          "ConnectionStateChanged",
          "DebuggerHiddenAttribute",
          "System.ComponentModel",
          "ToString",
          "DelegateCallback",
          "instance",
          "wwwwwwwwwwwwww",
          "VarFileInfo",
          "LegalCopyright",
          "My.Computer",
          "get_Connected",
          "GetEntries",
          "AsyncCallback",
          "MyTemplate",
          "m_AppObjectProvider",
          "Restart",
          "System.Runtime.CompilerServices",
          "<Module>",
          "GetInstance",
          "Uninstall",
          "get_GetInstance",
          "Equals",
          "IAsyncResult",
          "wwwwww",
          "ClientSettingChanged",
          "EndInvoke",
          "My.User",
          "FileVersion",
          "ClientInvokeDelegate",
          "ContextValue`1",
          "SetValue",
          "IClientNetwork",
          "get_WebServices",
          "PipeCreated",
          "`.rsrc",
          ".text",
          "AssemblyFileVersionAttribute",
          "WebServices",
          "Invoke",
          "StringFileInfo",
          "LogClientMessage",
          "GuidAttribute",
          "NanoCore",
          "AssemblyTrademarkAttribute",
          "DelegateAsyncState",
          "v2.0.50727",
          "ProductVersion",
          "#Strings",
          "System.Collections.Generic",
          "System.ComponentModel.Design",
          "Microsoft.VisualBasic",
          "AssemblyProductAttribute",
          "ClientSettings",
          "FileDescription",
          "@.reloc",
          "ConnectionFailed",
          "IClientUIHost",
          "$d6e3c4d8-8560-4021-a765-fad7362f3388",
          "VariableChanged",
          "MyWebServices",
          "!This program cannot be run in DOS mode.",
          "ClosePipe",
          "My.WebServices",
          "Variables",
          "IClientLoggingHost",
          "GetHashCode",
          "IClientNetworkHost",
          "TargetObject",
          "AssemblyCompanyAttribute",
          "BuildingHostCache",
          "GetValue",
          "m_UserObjectProvider",
          "Connected",
          "IClientApp",
          "RuntimeCompatibilityAttribute",
          "Dispose__Instance__",
          "8.0.0.0",
          "CompilationRelaxationsAttribute",
          "get_Application",
          "IClientData",
          "Activator",
          "000004b0",
          "PipeExists",
          "state",
          "PluginUninstalling",
          "Application",
          "Translation",
          "mscorlib",
          "OriginalFilename",
          "RuntimeHelpers",
          "RemoveValue",
          "IClientReadOnlyNameObjectCollection",
          "get_User",
          "CreateInstance",
          "IClientAppHost",
          "HideModuleNameAttribute",
          "connected",
          "ReadPacket",
          "System.Runtime.InteropServices",
          "value",
          "VS_VERSION_INFO",
          "HelpKeywordAttribute",
          "get_Variables",
          "Create__Instance__",
          "Computer",
          "Disconnect",
          "Exception",
          "AssemblyTitleAttribute",
          "defaultValue",
          "ApplicationBase",
          "#GUID",
          "ClientUninstalling",
          "AssemblyDescriptionAttribute",
          "NanoCore.ClientPlugin",
          "IClientDataHost",
          "Object",
          "get_BuilderSettings",
          "method",
          "System.Reflection",
          "AssemblyCopyrightAttribute",
          "DisableProtection",
          "get_Value",
          "Microsoft.VisualBasic.Devices",
          "4System.Web.Services.Protocols.SoapHttpClientProtocol",
          "m_MyWebServicesObjectProvider",
          "m_ComputerObjectProvider",
          "BuilderSettings",
          "GeneratedCodeAttribute",
          "NanoCore.ClientPluginHost",
          "Shutdown",
          "DelegateAsyncResult",
          "RuntimeTypeHandle",
          "WrapNonExceptionThrows",
          "get_Computer",
          ".cctor",
          "GetType",
          "StandardModuleAttribute",
          "GetTypeFromHandle",
          "PipeClosed",
          "EditorBrowsableState",
          "Microsoft.VisualBasic.ApplicationServices",
          "Microsoft.VisualBasic.MyServices.Internal"
        ],
        "virustotal": {
          "error": true,
          "msg": "VT File lookup disabled in processing.conf"
        },
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 8,
        "cape_type": "Unpacked PE Image: 32-bit DLL",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "process_name": "sex1.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "pid": 6648,
        "virtual_address": "0x08110000"
      },
      {
        "name": "f9b8c3f31375e9a1ec105f930f751869a804110d29d6b38e7298622eb74b2bec",
        "path": "/opt/CAPEv2/storage/analyses/47/CAPE/f9b8c3f31375e9a1ec105f930f751869a804110d29d6b38e7298622eb74b2bec",
        "guest_paths": "8;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?0x08510000;?",
        "size": 12288,
        "crc32": "8EB03B4F",
        "md5": "42006852619847f368bc4062849cd6dc",
        "sha1": "ba6edc3a5aba8eac15b6a30e1407cdae80b2481d",
        "sha256": "f9b8c3f31375e9a1ec105f930f751869a804110d29d6b38e7298622eb74b2bec",
        "sha512": "92f8f8d8809c37927e6c0f94d35450b16f71b4252d2e316558991105b1bd90b644bc9f8cbbca68423e1371215567b11c631eee5fcbf42dc08c2341cc91dd053e",
        "rh_hash": null,
        "ssdeep": "192:Wb5lecl5SzxgU1g16ldP8i9CL69w582bDAetqL0yQA+cj:Wb5QlnrdP8ICL6q5vb0et9yQXo",
        "type": "PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows",
        "yara": [
          {
            "name": "NETDLLMicrosoft",
            "meta": {
              "author": "malware-lu"
            },
            "strings": [
              "{ 00 00 00 00 00 00 00 00 5F 43 6F 72 44 6C 6C 4D 61 69 6E 00 6D 73 63 6F 72 65 65 2E 64 6C 6C 00 00 00 00 00 FF 25 }"
            ],
            "addresses": {
              "a0": 10346
            }
          },
          {
            "name": "IsPE32",
            "meta": {},
            "strings": [],
            "addresses": {}
          },
          {
            "name": "IsNET_DLL",
            "meta": {},
            "strings": [],
            "addresses": {}
          },
          {
            "name": "IsDLL",
            "meta": {},
            "strings": [],
            "addresses": {}
          },
          {
            "name": "IsConsole",
            "meta": {},
            "strings": [],
            "addresses": {}
          },
          {
            "name": "Microsoft_Visual_Studio_NET",
            "meta": {},
            "strings": [
              "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
            ],
            "addresses": {
              "a": 10382
            }
          },
          {
            "name": "Microsoft_Visual_C_v70_Basic_NET_additional",
            "meta": {},
            "strings": [
              "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
            ],
            "addresses": {
              "a": 10382
            }
          },
          {
            "name": "Microsoft_Visual_C_Basic_NET",
            "meta": {},
            "strings": [
              "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
            ],
            "addresses": {
              "b": 10382
            }
          },
          {
            "name": "Microsoft_Visual_Studio_NET_additional",
            "meta": {},
            "strings": [
              "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
            ],
            "addresses": {
              "a": 10382
            }
          },
          {
            "name": "Microsoft_Visual_C_v70_Basic_NET",
            "meta": {},
            "strings": [
              "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
            ],
            "addresses": {
              "b": 10382
            }
          },
          {
            "name": "NET_executable_",
            "meta": {},
            "strings": [
              "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
            ],
            "addresses": {
              "a": 10382
            }
          },
          {
            "name": "NET_executable",
            "meta": {},
            "strings": [
              "{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }"
            ],
            "addresses": {
              "b": 10382
            }
          }
        ],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T1B042D61EDF8CC667DB6993BCD4E24E0A1760A431BA73DB9FB80481640587BF8051B39B",
        "sha3_384": "201a8c71a37dc4dbd0df68b438794dab6fa7ae615b5a6a2e73ad4db8e2173640f1fd04e11272028001a4a010d64b85b6",
        "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "pe": {
          "guest_signers": {
            "aux_sha1": null,
            "aux_timestamp": null,
            "aux_valid": false,
            "aux_error": true,
            "aux_error_desc": "No signature found.",
            "aux_signers": []
          },
          "digital_signers": [],
          "imagebase": "0x00400000",
          "entrypoint": "0x0000468e",
          "ep_bytes": "ff250020400000000000000000000000",
          "peid_signatures": null,
          "reported_checksum": "0x00000000",
          "actual_checksum": "0x0000580e",
          "osversion": "4.0",
          "machine_type": "IMAGE_FILE_MACHINE_I386",
          "pdbpath": null,
          "imports": {
            "mscoree": {
              "dll": "mscoree.dll",
              "imports": [
                {
                  "address": "0x402000",
                  "name": "_CorDllMain"
                }
              ]
            }
          },
          "exported_dll_name": null,
          "exports": [],
          "dirents": [
            {
              "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
              "virtual_address": "0x00004638",
              "size": "0x00000053"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
              "virtual_address": "0x00006000",
              "size": "0x00000298"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
              "virtual_address": "0x00008000",
              "size": "0x0000000c"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_TLS",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_IAT",
              "virtual_address": "0x00002000",
              "size": "0x00000008"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
              "virtual_address": "0x00002008",
              "size": "0x00000048"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            }
          ],
          "sections": [
            {
              "name": ".text",
              "raw_address": "0x00000200",
              "virtual_address": "0x00002000",
              "virtual_size": "0x00002694",
              "size_of_data": "0x00002800",
              "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
              "characteristics_raw": "0x60000020",
              "entropy": "5.43"
            },
            {
              "name": ".rsrc",
              "raw_address": "0x00002a00",
              "virtual_address": "0x00006000",
              "virtual_size": "0x00000298",
              "size_of_data": "0x00000400",
              "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
              "characteristics_raw": "0x40000040",
              "entropy": "2.14"
            },
            {
              "name": ".reloc",
              "raw_address": "0x00002e00",
              "virtual_address": "0x00008000",
              "virtual_size": "0x0000000c",
              "size_of_data": "0x00000200",
              "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
              "characteristics_raw": "0x42000040",
              "entropy": "0.08"
            }
          ],
          "overlay": null,
          "resources": [
            {
              "name": "RT_VERSION",
              "offset": "0x00006058",
              "size": "0x0000023c",
              "filetype": null,
              "language": "LANG_NEUTRAL",
              "sublanguage": "SUBLANG_NEUTRAL",
              "entropy": "3.19"
            }
          ],
          "versioninfo": [
            {
              "name": "Translation",
              "value": "0x0000 0x04b0"
            },
            {
              "name": "FileDescription",
              "value": " "
            },
            {
              "name": "FileVersion",
              "value": "0.0.0.0"
            },
            {
              "name": "InternalName",
              "value": "Lzma#.dll"
            },
            {
              "name": "LegalCopyright",
              "value": " "
            },
            {
              "name": "OriginalFilename",
              "value": "Lzma#.dll"
            },
            {
              "name": "ProductVersion",
              "value": "0.0.0.0"
            },
            {
              "name": "Assembly Version",
              "value": "0.0.0.0"
            }
          ],
          "imphash": "dae02f32a21e03ce65412f6e56942daa",
          "timestamp": "2011-04-12 14:47:32",
          "icon": null,
          "icon_hash": null,
          "icon_fuzzy": null,
          "icon_dhash": null,
          "imported_dll_count": 1
        },
        "data": null,
        "strings": [
          "mscoree.dll",
          "0.0.0.0",
          "DecodeDirectBits",
          "ICodeProgress",
          "rangeDecoder",
          "kStartPosModelIndex",
          "kTopValue",
          "_streamPos",
          "Assembly Version",
          "numBitLevels",
          "WriteCoderProperties",
          "CoderPropID",
          "Range",
          "m_Decoders",
          "LenDecoder",
          "kNumFullDistances",
          "kNumPosStatesBitsEncodingMax",
          "GetLenToPosState",
          "m_Choice",
          "m_MidCoder",
          "numPosStates",
          "m_LowCoder",
          "InternalName",
          "progress",
          "distance",
          "prevByte",
          "Decode",
          "GetState",
          "kNumLitPosStatesBitsEncodingMax",
          "OutWindow",
          "#Blob",
          "System",
          "State",
          "LiteralDecoder",
          "kNumPosStatesEncodingMax",
          "dictionarySize",
          "m_IsRepG1Decoders",
          "_CorDllMain",
          "m_NumPosStates",
          "m_DictionarySize",
          "m_IsRepG2Decoders",
          "DecodeNormal",
          "LayoutKind",
          "SetProgress",
          "kNumStates",
          "Lzma#",
          "m_PosDecoders",
          "numPosBits",
          "m_NumPosBits",
          ".ctor",
          "ReleaseStream",
          "_buffer",
          "MatchFinder",
          "UpdateChar",
          "solid",
          "kNumLowLenBits",
          "ICoder",
          "UpdateRep",
          "_windowSize",
          "kNumPosSlotBits",
          "DictionarySize",
          "NumPasses",
          "m_LiteralDecoder",
          "VarFileInfo",
          "kNumLenSymbols",
          "kNumMidLenBits",
          "LegalCopyright",
          "UsedMemorySize",
          "kNumLowLenSymbols",
          "System.Runtime.CompilerServices",
          "m_RangeDecoder",
          "propIDs",
          "<Module>",
          "StructLayoutAttribute",
          "kNumMoveBits",
          "_cX*n",
          "outSize",
          "numTotalBits",
          "Algorithm",
          "inputBytes",
          "FileVersion",
          "stream",
          "Decoder2",
          "m_IsRepG0Decoders",
          "BitTreeDecoder",
          "System.IO",
          "SetLiteralProperties",
          "kDicLogSizeMin",
          "kNumLenToPosStates",
          "`.rsrc",
          "SetDictionarySize",
          ".text",
          "NumBitLevels",
          "UpdateMatch",
          "StringFileInfo",
          "m_NumPrevBits",
          "LitContextBits",
          "kNumRepDistances",
          "Write",
          "v2.0.50727",
          "ReverseDecode",
          "ProductVersion",
          "#Strings",
          "kNumAlignBits",
          "m_IsMatchDecoders",
          "get_Length",
          "Models",
          "FileDescription",
          "@.reloc",
          "inStream",
          "windowSize",
          "get_Position",
          "!This program cannot be run in DOS mode.",
          "kMatchMinLen",
          "kAlignTableSize",
          "m_OutWindow",
          "Compression.RangeCoder",
          "m_DictionarySizeCheck",
          "m_HighCoder",
          "MemoryStream",
          "m_IsRepDecoders",
          "kAlignMask",
          "value__",
          "m_PosStateMask",
          "m_PosMask",
          "m_RepLenDecoder",
          "_stream",
          "RuntimeCompatibilityAttribute",
          "Index",
          "numPrevBits",
          "kNumPosStatesBitsMax",
          "CompilationRelaxationsAttribute",
          "CopyBlock",
          "PutByte",
          "kMatchMaxLen",
          "000004b0",
          "m_PosSlotDecoder",
          "ToArray",
          "mscorlib",
          "Translation",
          "OriginalFilename",
          "IWriteCoderProperties",
          "BitDecoder",
          "properties",
          "kNumLenToPosStatesBits",
          "UpdateShortRep",
          "m_Coders",
          "kNumPosStatesMax",
          "LitPosBits",
          "MultiThread",
          "kNumBitModelTotalBits",
          "posState",
          "outStream",
          "System.Runtime.InteropServices",
          "kBitModelTotal",
          "Compression.LZMA",
          "IsCharState",
          "SetDecoderProperties",
          "ValueType",
          "SetCoderProperties",
          "Order",
          "Decoder",
          "VS_VERSION_INFO",
          "ISetDecoderProperties",
          "kEndPosModelIndex",
          "inSize",
          "Exception",
          "m_LenDecoder",
          "DecodeWithMatchByte",
          "m_Choice2",
          "EndMarker",
          "#GUID",
          "Stream",
          "startIndex",
          "Object",
          "kNumHighLenBits",
          "Flush",
          "matchByte",
          "Lzma#.dll",
          "NumFastBytes",
          "kNumMidLenSymbols",
          "Compression.LZ",
          "PosStateBits",
          "ISetCoderProperties",
          "kNumLitContextBitsMax",
          "SetPosBitsProperties",
          "m_PosAlignDecoder",
          "m_IsRep0LongDecoders",
          "Create",
          "SeekOrigin",
          "ReadByte",
          "WrapNonExceptionThrows",
          "kNumPosModels",
          "GetByte",
          "Decompress"
        ],
        "virustotal": {
          "error": true,
          "msg": "VT File lookup disabled in processing.conf"
        },
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 8,
        "cape_type": "Unpacked PE Image: 32-bit DLL",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "process_name": "sex1.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "pid": 6648,
        "virtual_address": "0x08510000"
      },
      {
        "name": "6a4a38c4482e414c906feff2bcb47d46b8ed525c6b88eff38080f494a7163a1b",
        "path": "/opt/CAPEv2/storage/analyses/47/CAPE/6a4a38c4482e414c906feff2bcb47d46b8ed525c6b88eff38080f494a7163a1b",
        "guest_paths": "9;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?0x7F6C0000;?",
        "size": 44,
        "crc32": "F63A8DE7",
        "md5": "1479a186780e7c905c7793b85d8dfd00",
        "sha1": "03a060d75ac7b735913ed1796b03f2acfedd47ee",
        "sha256": "6a4a38c4482e414c906feff2bcb47d46b8ed525c6b88eff38080f494a7163a1b",
        "sha512": "d9843f2ed8135182ba7a6ad4ab1989b075e9ef4e63b8ad87aef742cbaf85d165a942aab56617c41b73740ffab9be237e109c2a10a9a11b8533c7da153c6c2639",
        "rh_hash": null,
        "ssdeep": "3:Uaql/stl+ClrxlNJ5ZJVhX:UF/sX+mXNJN",
        "type": "data",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": null,
        "sha3_384": "8aff1a2ab3cf7f30dea7149c2d02ce55f8ce02a105467e2be9c5d01f72c7baf8d15cf6c93237806654f4b56e4bf534a1",
        "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "data": null,
        "strings": [],
        "virustotal": {
          "error": true,
          "msg": "VT File lookup disabled in processing.conf"
        },
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "process_name": "sex1.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "pid": 6648,
        "virtual_address": "0x7F6C0000"
      },
      {
        "name": "7902243f3a376bfaa57345f4323c5ae18f5f180ad0fd75395f6a3344bab889d5",
        "path": "/opt/CAPEv2/storage/analyses/47/CAPE/7902243f3a376bfaa57345f4323c5ae18f5f180ad0fd75395f6a3344bab889d5",
        "guest_paths": "9;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?0x051E0000;?",
        "size": 1380,
        "crc32": "A17019F5",
        "md5": "a94b479c5273e54e7a966557098714fa",
        "sha1": "3051a2e5270a008e337d99bc94b420c1bce0af10",
        "sha256": "7902243f3a376bfaa57345f4323c5ae18f5f180ad0fd75395f6a3344bab889d5",
        "sha512": "434deaf6ed29deae7ebec900ec1c7da42a677a69be93a2b6bd081ecbbee1f54efc99a165c2a35291ccf87dcc98dc3189a0069669ce1e0a869a01838a5fbb7659",
        "rh_hash": null,
        "ssdeep": "24:rGeQGp9S15T+OkwAzSIfURV/2z0Ww4472jWmiEAWhhgDNBU1k:rGedpk15COqM/ufw44qyohgDIq",
        "type": "Windows boot log, header size 0x51e0000, 0x1 valid bytes",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T17C21A54281DAA2E1C04D8AF84A289707D4C254C392FF6A7434ACEF2E90F0621CD564E3",
        "sha3_384": "07b8b4601637716b6b7088b40c1d42a901126f523b7b2d13be7cac8f89a6af65cd337d3c0402339357b7a68028210b4f",
        "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "data": null,
        "strings": [
          ">gpl]",
          "Y[^_]"
        ],
        "virustotal": {
          "error": true,
          "msg": "VT File lookup disabled in processing.conf"
        },
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "process_name": "sex1.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "pid": 6648,
        "virtual_address": "0x051E0000"
      },
      {
        "name": "157b063a2a5ecda11353d506c46d65fac9350decc6f97df21fb48dc66a8a4c99",
        "path": "/opt/CAPEv2/storage/analyses/47/CAPE/157b063a2a5ecda11353d506c46d65fac9350decc6f97df21fb48dc66a8a4c99",
        "guest_paths": "9;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?0x0290A000;?",
        "size": 354,
        "crc32": "E2F6479D",
        "md5": "3b0c94f80aa41d3135e58b9b8b11b124",
        "sha1": "d2ebe6bb0533e433542a2110c8b36ea45b4be777",
        "sha256": "157b063a2a5ecda11353d506c46d65fac9350decc6f97df21fb48dc66a8a4c99",
        "sha512": "2cc9d77c4ae3918da0b76ab94ca27d4a4039f5951b01fc0f03971f2638759019593a37de1be6257316896adc76fcb85efc0ffc030ce2fe492c4e606b8f956444",
        "rh_hash": null,
        "ssdeep": "6:9x3lObati5pS21zPo2lM/JmJKKpWArUVfll9ZO9ueCXGz:9FiTPo2u/osKpW5ll9ZO9u6z",
        "type": "Matlab v4 mat-file (little endian) 3, numeric, rows 43032576, columns 8192",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T129E07D07034007F5D808C5FB091BD78BCF8C443D71F8A756CF3C606324366D84011511",
        "sha3_384": "e3d9c380210402db9ab10cd504f3a34fda1ff0c409501b204cbef2a0e4ba41ba916c4d9a2f431ff5958537d50d402236",
        "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "data": null,
        "strings": [
          "~sUSVW",
          "PRh`9~sUSVW",
          "UX5VS"
        ],
        "virustotal": {
          "error": true,
          "msg": "VT File lookup disabled in processing.conf"
        },
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "process_name": "sex1.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "pid": 6648,
        "virtual_address": "0x0290A000"
      },
      {
        "name": "01e3b18bd63981decb384f558f0321346c3334bb6e6f97c31c6c95c4ab2fe354",
        "path": "/opt/CAPEv2/storage/analyses/47/CAPE/01e3b18bd63981decb384f558f0321346c3334bb6e6f97c31c6c95c4ab2fe354",
        "guest_paths": "8;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?0x083B0000;?",
        "size": 100352,
        "crc32": "EDEEDF40",
        "md5": "9c8242440c47a4f1ce2e47df3c3ddd28",
        "sha1": "874f3caf663265f7dd18fb565d91b7d915031251",
        "sha256": "01e3b18bd63981decb384f558f0321346c3334bb6e6f97c31c6c95c4ab2fe354",
        "sha512": "3525b219fec9894d9d534e6774e19fbf7097c9a00d733c11bee14c90b9beb82ce4cd2a35e97be71f096a7f6d60051da4026ab8e42c0409b0e54b50cd482beb7d",
        "rh_hash": null,
        "ssdeep": "3072:2m7DYfm4SRR+NaVEs+k6kiS+94ERR6gR0bRbD:2IoIRRGaVExfd",
        "type": "PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows",
        "yara": [
          {
            "name": "DITEKSHEN_MALWARE_Win_Nanocore",
            "meta": {
              "description": "Detects NanoCore",
              "author": "ditekSHen",
              "id": "931b98f6-df2b-538b-bc49-ecbbd24334da",
              "date": "2020-11-06",
              "modified": "2024-11-01",
              "reference": "https://github.com/ditekshen/detection",
              "source_url": "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/malware.yar#L7654-L7681",
              "license_url": "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt",
              "logic_hash": "6336260e0af2b4b51338ee066f41b7c58aa134a6c03ca110db7e088edf2b65a7",
              "score": 75,
              "quality": 75,
              "tags": "FILE"
            },
            "strings": [
              "NanoCore.ClientPlugin",
              "NanoCore.ClientPluginHost",
              "IClientData",
              "IClientNetwork",
              "IClientDataHost",
              "IClientLoggingHost",
              "IClientNetworkHost",
              "IClientUIHost",
              "IClientNameObjectCollection",
              "IClientReadOnlyNameObjectCollection",
              "ClientPlugin",
              "get_ClientSettings"
            ],
            "addresses": {
              "x2": 63352,
              "x3": 63405,
              "i2": 63340,
              "i3": 63374,
              "i5": 63389,
              "i6": 63431,
              "i7": 63450,
              "i8": 63469,
              "i9": 63483,
              "i10": 63511,
              "s1": 63361,
              "s6": 83874
            }
          },
          {
            "name": "Windows_Trojan_Nanocore_d8c4e3c5",
            "meta": {
              "author": "Elastic Security",
              "id": "d8c4e3c5-8bcc-43d2-9104-fa3774282da5",
              "fingerprint": "e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4",
              "creation_date": "2021-06-13",
              "last_modified": "2021-08-23",
              "threat_name": "Windows.Trojan.Nanocore",
              "reference_sample": "b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd",
              "severity": 100,
              "arch_context": "x86, arm64",
              "scan_context": "file, memory",
              "license": "Elastic License v2",
              "os": "windows"
            },
            "strings": [
              "NanoCore.ClientPluginHost",
              "NanoCore.ClientPlugin",
              "get_BuilderSettings",
              "LogClientException",
              "IClientLoggingHost"
            ],
            "addresses": {
              "a1": 63405,
              "a2": 63352,
              "b1": 83699,
              "b7": 83554,
              "b9": 63431
            }
          },
          {
            "name": "Nanocore_RAT_Gen_2",
            "meta": {
              "description": "Detects the Nanocore RAT",
              "author": "Florian Roth",
              "score": 100,
              "reference": "https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/",
              "date": "2016-04-22",
              "hash1": "755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050"
            },
            "strings": [
              "NanoCore.ClientPluginHost",
              "IClientNetworkHost"
            ],
            "addresses": {
              "x1": 63405,
              "x2": 63450
            }
          },
          {
            "name": "NETDLLMicrosoft",
            "meta": {
              "author": "malware-lu"
            },
            "strings": [
              "{ 00 00 00 00 00 00 00 00 5F 43 6F 72 44 6C 6C 4D 61 69 6E 00 6D 73 63 6F 72 65 65 2E 64 6C 6C 00 00 00 00 00 FF 25 }"
            ],
            "addresses": {
              "a0": 87502
            }
          },
          {
            "name": "IsPE32",
            "meta": {},
            "strings": [],
            "addresses": {}
          },
          {
            "name": "IsNET_DLL",
            "meta": {},
            "strings": [],
            "addresses": {}
          },
          {
            "name": "IsDLL",
            "meta": {},
            "strings": [],
            "addresses": {}
          },
          {
            "name": "IsConsole",
            "meta": {},
            "strings": [],
            "addresses": {}
          }
        ],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T134A3490766CD6EAEDABD4638733307C6C328CE425953D6DE28D420659A3A7D33A033D6",
        "sha3_384": "a9b9993935da4f81da652c08d13476b1a9b1baf3bedb362f5ac175fc33b5fc213b0b5decb98df5aca700b0c7e41e316e",
        "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "pe": {
          "guest_signers": {
            "aux_sha1": null,
            "aux_timestamp": null,
            "aux_valid": false,
            "aux_error": true,
            "aux_error_desc": "No signature found.",
            "aux_signers": []
          },
          "digital_signers": [],
          "imagebase": "0x00400000",
          "entrypoint": "0x000173f2",
          "ep_bytes": "ff25002040000000000000000000",
          "peid_signatures": null,
          "reported_checksum": "0x00000000",
          "actual_checksum": "0x00025abf",
          "osversion": "4.0",
          "machine_type": "IMAGE_FILE_MACHINE_I386",
          "pdbpath": null,
          "imports": {
            "mscoree": {
              "dll": "mscoree.dll",
              "imports": [
                {
                  "address": "0x402000",
                  "name": "_CorDllMain"
                }
              ]
            }
          },
          "exported_dll_name": null,
          "exports": [],
          "dirents": [
            {
              "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
              "virtual_address": "0x00017398",
              "size": "0x00000057"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
              "virtual_address": "0x0001a000",
              "size": "0x00002f88"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
              "virtual_address": "0x00018000",
              "size": "0x0000000c"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_TLS",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_IAT",
              "virtual_address": "0x00002000",
              "size": "0x00000008"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
              "virtual_address": "0x00002008",
              "size": "0x00000048"
            },
            {
              "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
              "virtual_address": "0x00000000",
              "size": "0x00000000"
            }
          ],
          "sections": [
            {
              "name": ".text",
              "raw_address": "0x00000200",
              "virtual_address": "0x00002000",
              "virtual_size": "0x000153f8",
              "size_of_data": "0x00015400",
              "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
              "characteristics_raw": "0x60000020",
              "entropy": "6.94"
            },
            {
              "name": ".reloc",
              "raw_address": "0x00015600",
              "virtual_address": "0x00018000",
              "virtual_size": "0x0000000c",
              "size_of_data": "0x00000200",
              "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
              "characteristics_raw": "0x42000040",
              "entropy": "0.10"
            },
            {
              "name": ".rsrc",
              "raw_address": "0x00015800",
              "virtual_address": "0x0001a000",
              "virtual_size": "0x00002f88",
              "size_of_data": "0x00003000",
              "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
              "characteristics_raw": "0x40000040",
              "entropy": "3.34"
            }
          ],
          "overlay": null,
          "resources": [
            {
              "name": "RT_ICON",
              "offset": "0x0001a208",
              "size": "0x000002e8",
              "filetype": null,
              "language": "LANG_NEUTRAL",
              "sublanguage": "SUBLANG_NEUTRAL",
              "entropy": "1.71"
            },
            {
              "name": "RT_ICON",
              "offset": "0x0001a4f0",
              "size": "0x00000128",
              "filetype": null,
              "language": "LANG_NEUTRAL",
              "sublanguage": "SUBLANG_NEUTRAL",
              "entropy": "2.08"
            },
            {
              "name": "RT_ICON",
              "offset": "0x0001a618",
              "size": "0x000008a8",
              "filetype": null,
              "language": "LANG_NEUTRAL",
              "sublanguage": "SUBLANG_NEUTRAL",
              "entropy": "1.72"
            },
            {
              "name": "RT_ICON",
              "offset": "0x0001aec0",
              "size": "0x00000568",
              "filetype": null,
              "language": "LANG_NEUTRAL",
              "sublanguage": "SUBLANG_NEUTRAL",
              "entropy": "1.05"
            },
            {
              "name": "RT_ICON",
              "offset": "0x0001b428",
              "size": "0x00000353",
              "filetype": null,
              "language": "LANG_NEUTRAL",
              "sublanguage": "SUBLANG_NEUTRAL",
              "entropy": "4.05"
            },
            {
              "name": "RT_ICON",
              "offset": "0x0001b77c",
              "size": "0x000010a8",
              "filetype": null,
              "language": "LANG_NEUTRAL",
              "sublanguage": "SUBLANG_NEUTRAL",
              "entropy": "2.72"
            },
            {
              "name": "RT_ICON",
              "offset": "0x0001c824",
              "size": "0x00000468",
              "filetype": null,
              "language": "LANG_NEUTRAL",
              "sublanguage": "SUBLANG_NEUTRAL",
              "entropy": "2.76"
            },
            {
              "name": "RT_GROUP_ICON",
              "offset": "0x0001cc8c",
              "size": "0x00000068",
              "filetype": null,
              "language": "LANG_NEUTRAL",
              "sublanguage": "SUBLANG_NEUTRAL",
              "entropy": "2.69"
            },
            {
              "name": "RT_VERSION",
              "offset": "0x0001ccf4",
              "size": "0x00000294",
              "filetype": null,
              "language": "LANG_NEUTRAL",
              "sublanguage": "SUBLANG_NEUTRAL",
              "entropy": "3.30"
            }
          ],
          "versioninfo": [
            {
              "name": "Translation",
              "value": "0x0000 0x04b0"
            },
            {
              "name": "FileDescription",
              "value": " "
            },
            {
              "name": "FileVersion",
              "value": "1.0.1.7"
            },
            {
              "name": "InternalName",
              "value": "SurveillanceExClientPlugin.dll"
            },
            {
              "name": "LegalCopyright",
              "value": " "
            },
            {
              "name": "OriginalFilename",
              "value": "SurveillanceExClientPlugin.dll"
            },
            {
              "name": "ProductVersion",
              "value": "1.0.1.7"
            },
            {
              "name": "Assembly Version",
              "value": "1.0.1.7"
            }
          ],
          "imphash": "dae02f32a21e03ce65412f6e56942daa",
          "timestamp": "2015-02-22 00:49:49",
          "icon": "iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAY0lEQVR4nO3XIQ6AMBBE0YH0eGuAcwKmZ1sLCkHRZUj4o9qaeVmzqfT3DJl5OAGjs1ySynWIiFeLa62SPjABAABK+7Cte9fCeZlud/sEAAAAAAAAADvgsY7bddk79gnwMSH2nLDUDvNx5OJLAAAAAElFTkSuQmCC",
          "icon_hash": "f66c7c86e9ab59ef3f289acd613a3738",
          "icon_fuzzy": "c3ca946d749a15ad18efd3e5d7b0d8f5",
          "icon_dhash": "454545d4d4d44503",
          "imported_dll_count": 1
        },
        "data": null,
        "strings": [
          "#=qJMk2mm7JzMNLHm_qiokaBg==",
          "#=qdKcJdwMiOeYxOOef7tprPA==",
          "FileSystemInfo",
          "SurveillanceExClientPlugin.dll",
          "#=qj9ZxzplN98x0cw4vsdTIeAYbm4MuQTx3vvInSGv6TNQ=",
          "#=qmYO5ZdL8rYBU50vW2vu2vA==",
          "#=qNvC_NYQ$jxwZUcf0Dch28Q==",
          "#=q3$2Q8bGYuhwIzDGhDbeVKw==",
          "Concat",
          "MatchCollection",
          "Device",
          "wgdYBzhSP",
          "mscoree.dll",
          "get_Unicode",
          "DecodeDirectBits",
          "Environment",
          "0.0.0.0",
          "#=qSEueyU62hrm3SqHJ6k683A==",
          "#=q_DoWG6qBrmNj2sFXhHToddcMKO0wW3x6VUG0Xl$sx6Q=",
          "_Lambda$__2",
          "#=qCY4x0Hk1DV3VV540zoAoHq44QCRyxMpq9Z7J0uRDONc=",
          "AssemblyName",
          "Handle",
          "$+8)l",
          "WriteCoderProperties",
          "System.Collections",
          "DnsRecord",
          "#=qoESbzrXX757aiWupYaS0Fg==",
          "GetWindowThreadProcessId",
          "System.Resources",
          "\\3P0_",
          "GetProcessById",
          "set_Value",
          "#=qLoRN6X6HIt1Xa9meALla1w==",
          "#=qRLsSPguDZ2WiS_9q1jK0OA==",
          "feffeeffeefa",
          "kNumPosStatesBitsEncodingMax",
          "buffer",
          "9feffefeefef",
          "#=qXbC0g0j7eSDHrYXbfI7uUQ==",
          "numPosStates",
          "fefeffefefeYa*&+",
          "#=q1SKypGFVOvRWVSxnayoaZA==",
          "ffefeeffeefa",
          "#=qWJ6BottP3sy8x7gEdcb0bA==",
          "DNSLogging",
          "`Q[;*",
          "Int32",
          "#=qX9Iav0g17FfZrf$Wa_Z$UA==",
          "MethodBase",
          "?lg(*%",
          "#=q1gvzY2QJaRNC2Opj5zvkew==",
          "#=qQtYdx8zGiMcgHSZRdJY2eNz7X7jeIu77OE$6MbjGdow=",
          "Operators",
          "#=qkWsKP7N1mMxiLhNKbBGyYQ==",
          "OutWindow",
          "#Blob",
          "kNumPosStatesEncodingMax",
          "_CorDllMain",
          "#=qjuMRqjMOfCBSkBZ$qdWB7gfgShTNiHkLFmJMr9kwm2s=",
          "dictionarySize",
          "System.Text.RegularExpressions",
          "m_IsRepG1Decoders",
          "AddRange",
          "m_NumPosStates",
          "#=qitflJGbE1LvsFZhH2KI8iw==",
          "m_IsRepG2Decoders",
          "w,>XG",
          "FxtdFQ",
          "#=qLkA5Ktc2Vyv3E0oIB4RaGKVcXXSrFPOpFhegspshwsM=",
          "#=q3On07nwtezKDVaTvvy7hQw==",
          "System.Text",
          "DefaultMemberAttribute",
          "#=q_lmCRPO7dEMifptlI90PUI6fTs37DVMnLP3Tc_99pO9b_Ar2C6S3QjxXlqu$2$Ji",
          "Lzma#",
          "#=qMf1osOFZtYMmK9zzNx40rfvv_YoLwDp8OMEKs9fpung=",
          "*g<G#",
          "#=qyu3NT2dToM$yBnnmjJpX_A==",
          "GetFileName",
          "r1@bR",
          "m_NumPosBits",
          "BeginInvoke",
          "#=q$JRP3cfSdESKqcBwdqroDA==",
          "*feffeefefa(k",
          "}f?}(",
          "#=qnK4q617M6jpGr1Yao9yYqS$4rymgiQhJ4ZFnefse3xw=",
          "#=qeoqI9zQPLOZjV1JthHFzOD41rl7NT5wwztozAPfluxU=",
          "#=q87OQiW26GT5YhhifxB1ycQ==",
          "#=qbq1zwN5cBc2zVzfqhNqQ3A==",
          "#=qZEddNhTPipNw6nrWW_Y$yg==",
          "#=qC8mTOCLir0glpBrmJ0SdnmHHFbkpzCiiLHzNBfM8wGI=",
          "#=q$lfwQP3V$fI_eAT4UNT4Xw==",
          "_windowSize",
          "#=qVfaUfLDWAzF$RlYVgj1wNF8n8kmTu$wot2J$tCjGN8Y=",
          "pL;tw3^",
          "kNumPosSlotBits",
          "#=qwEixqO2naf_HFyLxM_Gcyg==",
          "DictionarySize",
          "#=q6OFP010g5soKgnTnbmu3Kw==",
          "#=qnKUfPP6szza9tbB6nUy8xg==",
          "m_LiteralDecoder",
          "#=qbSzob7di0xhquDotppyDIQ==",
          "#=qQYHJ9cbQC48EyKpwpB16nA==",
          "VarFileInfo",
          "#=q44Ge7WkJpSnGLK6MLWcFSRNgYnrWBmFZXNBBEoIIDaA=",
          "#=q4JZtAkw1AbHjZDLXOWX1S7hObryEvjHFr2lpmZRKKqk=",
          "UsedMemorySize",
          "ExportLogs",
          "CreateParams",
          "kNumLowLenSymbols",
          "System.Runtime.CompilerServices",
          "m_RangeDecoder",
          "propIDs",
          "#=qFmRvgsWHCKQ4mLv0tVX1LpXWrQGWBW2uPMRDDZBQ3NE=",
          "#=qEpLGwcDnU1CmOXL0_Q9_G3ma45ep4FwMouAEwhe3UDs=",
          "#=qfr01crnlLbYOSEVqdzZl_w==",
          "#=qtHnEPLPkk7hMadnASVBYOQ==",
          "#=q8m3eeZ3I1fe5NWroFByPwA==",
          "GetMethod",
          "#=qK2wA50V2hd26U81M2F89yA==",
          "#=q_jsSB3r53EMKsX0IF7998lJdtArDwZA$R1FORxem2gw=",
          "#=qIgstGGQ5QFyArsA4tFZ9gMXl2Z1n7FQM8Ir5yEhe7bg=",
          "3N,6T*",
          "IAsyncResult",
          "wwwwww",
          "EndInvoke",
          "Algorithm",
          "#=qn5IIXKsG$Rjf5NLYW0itfKOM31oZHLt3gLqf2_kftP8=",
          "Exists",
          "Clipboard",
          "stream",
          "#=qswcK7hT_kB0QKWfJkx5yaA==",
          "command",
          "#=qdp3_X66oJZlpIuv5LiL7oQ==",
          "#=qdGm5exfEhNFieJscVwP7Ig==",
          "User32.dll",
          "kNumLenToPosStates",
          "SetDictionarySize",
          ".text",
          "NumBitLevels",
          "tWG:ga6z",
          "Capture",
          "_.S1y#",
          "GuidAttribute",
          "#=qnYAWlQj57yOiw8G56cyZ1xAHaR1U7XOmUh4Dl1Ry2dw=",
          "NanoCore",
          "FileStream",
          "MemberInfo",
          "AssemblyTrademarkAttribute",
          "kNumRepDistances",
          "#=qpnx7zwfabY$GPmx17OGM$Q==",
          "$b@k,",
          "Match",
          "#=qm3$lqQFHE5yybYEUJcsoLQ==",
          "DateTime",
          "IDisposable",
          "LoggingCommand",
          "#=qZa8aL9QQpAct_eZ$OvV3DGt0jcd0qAWUB$fEqNjyKFc=",
          "#=qI9SaxQ9YixVXqEOEyYy4jg==",
          "GetRuntimeDirectory",
          "#=qGISQnMqbcWeKV0TurcNIKw==",
          "ProductVersion",
          "#=qzJW9ga54odAXLIjfGeC53w==",
          "#=qoYvuV7eCvAwMxHUFDJS8wA==",
          "Models",
          "FileDescription",
          "@.reloc",
          "ffeefefeffea",
          "#=qYqZmZ8i0gJ622Li_3yoHLg==",
          "DebuggerDisplayAttribute",
          "w,khq",
          "w,&0,){",
          "KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator",
          "get_Position",
          "#=qMHZxfZF2XEPb0lw4JSM_Rw==",
          "IClientLoggingHost",
          "#=qqMa2dn7Mo8AUqcdTNVrKnysHWb5y124IcjK25vm9eZo=",
          "#=qt$d$Ds4e4Jw1OgazOrFmP7IjRAhcajYSRQ3nV1Gv_gE=",
          "Wow64GetThreadContext",
          "kMatchMinLen",
          "#=qGcjgY6CoWEyIyBHhl8IOzBWznvmxUV$ea7X6DYChG4I=",
          "#=qTL5DPmA8W6iSCBjEJji2rQ==",
          "#=q$rj0ypz44wmTUIatF3mcCg==",
          "#=qsgunsIbevOIs8JXy3CoZMA==",
          "GetObject",
          "#=qs2bxKs15DbteFYTMsjthM8IIAMC9Avo9uFWUE1JbxpU=",
          "#=qTYMI4cCoxNXwMnM7O2jYeq5drMeUlMrrV09hYVC9erY=",
          "GetDirectories",
          "kAlignMask",
          "*Q:Z<B",
          "GetDirectoryName",
          "#=qE6F54GYIBpn$BZEfY630Wg==",
          "Thread",
          "CreateDirectory",
          "ffeeffefefea",
          "#=qIi_Ou2QI9eJprahHe$q2OQ==",
          "Index",
          "#=q3Z5wFl9_0OdP0OU1ZerzvQ==",
          "#=qZiNMDewvnldx4qzy3_KAqsLzOSv7XeVY6NGBzI7UWoI=",
          "#=qUEJZL$C$BINDXimDMMdI001yzN7JKwKsT6fA3y_33Zs=",
          "#=qX0mlJ6fIIwM2M3pw4kuJng==",
          "#=qVtDJRWPjI1BzmKOCciT_67L$pos6o3jsSqZbgwOmTXo=",
          "CopyBlock",
          "PutByte",
          "\"HL%=1",
          "kMatchMaxLen",
          "IClientData",
          "Directory",
          "#=q_epRHVto2biCMMVbfiHzdQ==",
          "#=qRJ08F9z0iJoY3iiXB0Qlrw==",
          "000004b0",
          "ReadLine",
          "#=qmoIs$6x0ZDyGXIN93fBP0w==",
          "#=qL7K9B3ZmF8NvfG9na7qxaiahB_Fp2Mn46HhJZMIv3sM=",
          "m_PosSlotDecoder",
          "Translation",
          "mscorlib",
          "#=q9T22Isi75tDHRtquK1dSvA==",
          "RuntimeHelpers",
          "IWriteCoderProperties",
          "#=qmUIbDGkqnZakNX$ZVNONlw==",
          "#=qtkP1JPc7yNllp83Le5QCNA==",
          "#=qtD63hWVl90223y03RXLNrA==",
          "-%&~P",
          "#=qzR6FgwKHQePmETWSV3UHVg==",
          "IClientReadOnlyNameObjectCollection",
          "#=q2YB5GAXeEvmYmIsxoHVu4uVCCNRqFNZApRAwgfaevQg=",
          "kNumPosStatesMax",
          "UM>!NC'O",
          "#=qwyZBd1E$zygsKRdrCM1tlg==",
          "#=qadlAy0ld3tNeu$IcI$2Jq_Arv7ASxtaLzDJHV4HhJlY=",
          "HideModuleNameAttribute",
          "_Lambda$__7",
          "Default",
          "#=qWmdtsGcuMivbk1JtTASVvg==",
          "recordList",
          "o M(d",
          "outStream",
          "#=qSseLs6pMe5FoflVo2bRqOQ==",
          "Wow64SetThreadContext",
          "rawInputDevices",
          "ToLower",
          "IsCharState",
          "SetDecoderProperties",
          "Boolean",
          "8.0.0.0",
          "q<+-T5",
          "#=qur7j1M5vHkSPasucOkbcNw==",
          "J{4!jpH",
          "Order",
          "SendMessage",
          "#=qBcPm_drbp7ocdEoXBCg55Q==",
          "pAB|\"",
          "Matches",
          "#=qbVZ2VGZYhcslyt7WOHvByg==",
          "#=qZrBp2zQvnJP1R2KqzmmR8A==",
          "#=qt5WsljHA_z4lWKJJiNRSEGCnAbuC8NDsfhiN_p8Vhq4=",
          "System.Security",
          "Resources.resources",
          "Exception",
          "td8V/",
          "Sleep",
          "#=q$eByR1alsjlxVI5xhSAtpg==",
          "#=qUvNuZD70A1m1h5rP8mt7hxHu6e1_lErn05OLHflfW_U=",
          "#=qMxv2Vlcc2Tp8j_uByDYyGJMxccShzf3B6SeYq7g7Daw=",
          "TimeSpan",
          "DecodeWithMatchByte",
          "Tc#Cf",
          "#=q0$8sFvWAj3Q5z0kt5$qL1A==",
          "GetString",
          "#=q2gdZtLtmxCrF2SEuXdll9g==",
          "#GUID",
          "#=qy7SdMitZjkIreiUV191vv9ssNSzMPuW8jMow5TTkIUU=",
          "AssemblyDescriptionAttribute",
          "afeffeeffefe",
          "#=qG_YyprUv4EKXjeIN$dVZHA==",
          "#=qlAdkkonfdPbm4KDS2op$vaZdX8byjv$LxAv$dtNhCYM=",
          "#=qiuuc1hm1qoPzINMXy6yo6g==",
          "_Lambda$__10",
          "Flush",
          "get_UserName",
          "#=qf$JSULqR8FwRBjD8O35M78CMWrW22oajqxT6WI8BsvY=",
          "#=qpQA5HetEkOqW8wCwEjKRvA==",
          "GetBytes",
          "& v<y",
          "Microsoft.VisualBasic.Devices",
          "#=qM20PlP1dETH_UsxzbJfTKA==",
          "kNumMidLenSymbols",
          "RawInputKeyboard",
          "#=qW2f_iwWmYEr7F$sLsSJyUQOLwNV7jFL4HCiEoxW8lh4=",
          "#=qJaPb45IJRsbtEzYPWDbNwpthPAgk3ktYb4cxU6CRRns=",
          "#=qaouzCOurd1KB0CsJ9gMIzQ==",
          "#=qNX0lYEuSQ$nDBW9nSNQAZQ==",
          "lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet",
          "BitConverter",
          "set_Position",
          "ReadByte",
          "ChangeClipboardChain",
          ">5n4T",
          "#=qjPdKXesXFUYK$lTAuWfj4g==",
          "#=qZ8jdBbqDQs5U27LEbuhkeA==",
          "#=q2oxbm0Yzi5XQVj1QkCC71A==",
          "VUyP`\"",
          "StandardModuleAttribute",
          "#=qwJ4w0jkRVthW3ex8w5dly$cWay1Am4JSh9ZTwaXqcz4=",
          "kNumPosModels",
          "#=qFIAR8B1f$tNJs2xhTgINCnRaZkcxVSBxxXtjUtb7Whs=",
          "#=qMwDyeKYTOkSPK81Bwd7OY2mUhsDwOc5zugQnqg1ZfW0=",
          "#=qc3C7cwFHdA0fP9ewBftW90qaZ7YCZNSkeDx2JbA$rIM=",
          "GetLogs",
          "GetTypeFromHandle",
          "Split",
          "@3n'pA",
          "!FI};",
          "#=qr03MMh5pLoqsU2EEvN6ch6Tr7EGrL5c9eR_71qVrp$c=",
          ",{Uu\"p",
          "#=qxns0sTKVsgArVmXl3cFChFnM3Jv6Np_VftoasierUvg=",
          "get_Current",
          "#=qApHfpHzdRAuqPbkbKAzJmptqQgc7NLQ6T4N$H6aQHdw=",
          "4System.Web.Services.Protocols.SoapHttpClientProtocol",
          "FileMode",
          "#=qzx697Szk1moqO$yUynaioQ==",
          "#=qryghDdZnHsy$RagUj_T5aw==",
          "#=q3$4$aeeKw0G6KJpmbsHtCSC3$LdCNMfTzWNTjLVfIoU=",
          "System.Configuration",
          "$a58de1a4-5da5-48e4-8e57-197cc7b39b9b",
          "#=qT03bmh7uoc7QIggZX8722i59yRaiKXEb45q$FKk2uZY=",
          "GetForegroundWindow",
          "#=qfvCuRNoH9u00SSFFCvqZfg==",
          "Enumerator",
          "_Lambda$__1",
          "rangeDecoder",
          "#=qIxjnZll5GhllBN9b$ufZ3w==",
          "PasswordCommand",
          "Process",
          "#=qBvMiXP1hJ6VKxap1MxE0TUe8TQ47t0bgRFkWT_2Ymyk=",
          "#=q5sfq13B7vXg052uxfqu39g==",
          "CoderPropID",
          "]DB?w",
          "m_Decoders",
          "handle",
          "#=qBFvoYJt20gtsoLlWjU7jDuRfeDDIa87upzYCldwrNpI=",
          "headerSize",
          "GetLenToPosState",
          "lR7YPL",
          "#=qsV5K_71ZHH78FtoiXhsOYTV_Csv1aAdiiSCpj2X2l6o=",
          "#=qgHfmPA2gNKnydwzqeSF_2nVCUjp4Sfb3eJfQd$j975A=",
          "GetKeyboardLayout",
          "progress",
          "Microsoft.VisualBasic.CompilerServices",
          "prevByte",
          "ResolveEventHandler",
          "KeyboardCommand",
          "#=qt4h6_$cdnIG2g3BjEtlC9w==",
          "#=qZL$T$hC424exz5$sUQkm7w==",
          "#=qgC0tfaC3XL8FoOE$$1EOPjdVRTBNXr2NN6qMTkS_iSk=",
          "op_Equality",
          "PtrToStructure",
          "#=qmj_W3318X7UXjXz1JgFDnA==",
          "dnsapi.dll",
          "System",
          "CultureInfo",
          "#=qK8YSOZHQFwZhkU76$yIGwZGiGsr64hyFLs_9C0C9am4=",
          "#=qAQlIVHekXJrJwpDPrher5Q==",
          "_[&_C",
          "RawInputDevice",
          "#=qVa4dlGgXioIeYYgbx3$NvQ==",
          "~kItE",
          "m_DictionarySize",
          "DecodeNormal",
          "pvKSg&",
          "#=qPQ2EtheKurZp3OCkjzyyfQ==",
          "#=qCOMF0I9Fd3HxgGmFBDkurw==",
          "nextHandle",
          "#=qXtiqGLzJVH3aswCtlNNiug==",
          "MyGroupCollectionAttribute",
          "#=qrfNBcNMYeC4rLqwqMcn1jQ==",
          "CreateProcess",
          "#=qqLHT7hLUa1CKAG8LwjstJ5pArtyKEnkhPdyr1iCpbvQ=",
          "#=qU1ta1c$LOdIR6a7j6Rj67A==",
          "Group",
          "#=qKm6o1ledVqdR1Rw65bjQpA==",
          "MatchFinder",
          "ToByte",
          "#=qmHLlS2qqUAdmPyMYO7MoCg==",
          "UpdateChar",
          "#=q9kl5SZeUeIanHPXqH8Byvg==",
          "#=qg8F7l$fE22BW2JsfOcHpQA==",
          "Close",
          "#=qLt1igOtnjDbO40cq0340qg==",
          "#=qq9v5LklzRMUWeC0fX17u2w==",
          "7bocd",
          "#=q7SFZv3_X1jh__i0qS$yTrM3aMBoo7MMGOOAa9ltriPA=",
          "get_UTF8",
          "yz)X:",
          ",aNu^",
          "System.ComponentModel",
          "PADPADP",
          "SuppressUnmanagedCodeSecurityAttribute",
          "#=qqH0HzK5dpalJBOwa$wm3qg==",
          "ToString",
          "#=qyyoWizFgb3s$leRoJx8tVA6$nX314Se8B3eVLLvmYmg=",
          "#=qD_tmohqZXqQNhfRrQTYMfA==",
          "wwwwwwwwwwwwww",
          "`.reloc",
          "kNumMidLenBits",
          "#=qPS5ww9Qh4Qg1KnC9SiWQMg==",
          "LegalCopyright",
          "#=qgfJt9ZkqNp_s2eN$EF8lRoKBGN4LufTLNE1dmIBIf28=",
          "CompareString",
          "w,koK",
          "#=qykGtg3M9D9MTgOzaJO5xlg==",
          "(P~GY6*",
          "w,,p\\Rn",
          "#=qlZpTa_5oxuNhvwPl6FFKJg==",
          "#=qSq5zYE9oYXENFbc3V2Pe6w==",
          "kNumMoveBits",
          "_cX*n",
          "CompilerGeneratedAttribute",
          "#=qajec5milwVsqpbQNJ3pdAg==",
          "#=qE9U$URsu_c0Ig08qpeApRw==",
          "#=qxNAiPpjp2npMNB0TDaEubA==",
          "Equals",
          "#=qJuchJ7XfDSJXhX78ouEvSDi2Fm4IZfphEm1lxVR84W8=",
          "Extra",
          "#=qtdpI8mE0PC7HKAm0rggvhIxya1OU5XWEFr8n2AbzdwE=",
          "#=qbDWEs19y0rXNZJloHjyEAXFFSfYqbb6nrn10YnV15GU=",
          "inputBytes",
          "#=qyM4k7EGb5X12gk8YOkeNSQ==",
          "#=qkQ6DX9hRr8CpN4pCprp8dKTu5XpWEUA3fFuODRBQebM=",
          "SendTools",
          "#=q$ga0JQ2t4Nzt317dL7s1HA==",
          "#=qFiQXtwwrpPrf6i6Nohe$2A==",
          "#=qizSuKVUZWi22rIa8Z61Irg==",
          "ContextValue`1",
          "SetValue",
          "ResumeThread",
          "#=q6Yv$G4eHDn8gxVVQ7jH00Q==",
          "#=qaeAZ85IK9icf1hoO$eIUgQ==",
          "#=qTm4mE2BvwyQu9opBPZoYvABEXk1NdIbQ5LncPq_d5OQ=",
          "ApplicationLogging",
          "SetLiteralProperties",
          "#=qaGMznr3c$ok6TsLDKsBgpA==",
          "#=qsWLw4NosPP1gi5wOWkKQoz05m2lejq$6CuB$iOBB3AI=",
          "#=qGgwwpS30yt7z7wmA5NNa3g==",
          "_Lambda$__8",
          "#=qHJ9pmoIz378G1x0B31eH2CidaiOdV6DLfrtp1WQ35Q0=",
          "&&+%}!",
          "ReadChar",
          "4qiu%",
          "#=qNkF4$24brNGyMOYlUQj393pFEgGc7yicoZSTjZc2U_k=",
          "#=qt6bzCtEoNTvCkJX9j_4kZA==",
          "get_LParam",
          "#=qBTBFzfYdUs1kd$sDfT5Epz4Tl8141_7UIrCZjDszn5Q=",
          "v2.0.50727",
          "BlockCopy",
          "#Strings",
          "System.Collections.Generic",
          "#=q93VKpOIqdRN9spJigbfgrQ==",
          "#=q55q3lEdynyzHRQ573ELk9w==",
          "Ag<@+[",
          "#=qkz0tRkb9CLbnp8T0rNs8bD38RdjxjzMZ5i$ZzJHTh88=",
          "#=qquAKrvKQMWW7XtSurdlOiBConuNVZHvcIKParMXA0xo=",
          "#=qKdosTQrPrTm1tOzWi7_fuA==",
          "#=qfcadZftcNHMdcc$N_OWH5w==",
          "inStream",
          "ConnectionFailed",
          "Ru0=?+",
          "#=qTHk4ibx53ALvuTHC2wskqA==",
          "NtUnmapViewOfSection",
          "Replace",
          "windowSize",
          "set_Item",
          "!This program cannot be run in DOS mode.",
          "EmailClient",
          "get_Handle",
          "get_Msg",
          "GetTempPath",
          "#=qnWasDZNfCexjVbIXlOnpIw==",
          "ToInt32",
          "EndOfStreamException",
          "Compression.RangeCoder",
          "k,(|T",
          "#=qQJH4ux8HloTlAflsU0KOQw==",
          "_Lambda$__6",
          "DeleteLogs",
          "m_HighCoder",
          "RuntimeMethodHandle",
          "m_IsRepDecoders",
          "#=qSNORDi2PZ1IaS6Ix8w2Ovw==",
          "DirectoryInfo",
          "BuildingHostCache",
          "#=qsKOmOA5TX7dlM04qtgpOst$qgth3kf9KZZgdjC8x01c=",
          "Buffer",
          "#=qqj_P$pMjCtq2aNcNj2bfvufyGKfRlrOOaFr$XqaDVXU=",
          "#=qPiY_FtDE2jSdy0HqtmetjQ==",
          "#=qb3mKZgoJuDEsFa1T9bEUEXgvprlgegmeeniWKKiLI3E=",
          "value__",
          "#=qoqavODXRVVim6fghcoKuUg==",
          "GetValue",
          "#=qxTs7FlUCrQFGhk1vAwkrww==",
          "_stream",
          "m_PosMask",
          "#=q$lT2sqOctP5oFLjWBJEQs0BRL9aPnJgXluSQmhlzNCo=",
          "#=q4Jhplum5EMsDzltMg_L_tgoPjr8zzldX6k5uL$T8QHU=",
          "#=qJmGC3VRVk1ET7LjbQuMLjv1DeKxnDw1Daxs6uZ9$FGs=",
          "RuntimeCompatibilityAttribute",
          "h[S:<",
          "Download",
          "keyState",
          "numPrevBits",
          "SuppressIldasmAttribute",
          "CommandType",
          "CompilationRelaxationsAttribute",
          "fefeffeefXa*&+",
          "#=qzmbTPkKexQ8AS0E1MhJt4_A4SKpUh8ZeSD1Jy_XS9eM=",
          "ffefeeffe",
          "#=qTvTlfv6UWF8IdF6Zqmb35eNfTGusCMVLLnh6QIr8tfc=",
          "ffefeefeffe",
          "#=qr0WxpkU89pDBkkfgDoLSTA==",
          "#=qAtoFurjRifVD18ho1R1Dg_WU5nSHW_qH7pBxN8aFTXc=",
          "get_Count",
          "GetFrame",
          "@pd/\\",
          "#=qTSHkb7KjuVyqS$aEfJJbZSroTPY6PUlDcdx_paGstVs=",
          "J$xgm",
          "feffeefefa",
          "4.0.0.0",
          "properties",
          "#=qA_ED7VJLXZPPKs12VIDWHSI60qb9KWEC_8LLPE2krW0=",
          "#=qxwLQaLG4uRX$LJGVfSKAwQ==",
          "CreateInstance",
          "feffefefeY",
          "MultiThread",
          "message",
          "ProjectData",
          "count",
          "posState",
          "#=qv7_G63PaFeyDwnDCC1g_2ru4l8PEzEzyOErEaKVPipg=",
          "#=qHhkScXruXZT5J3Z7jSiQgw==",
          "Compression.LZMA",
          "kBitModelTotal",
          "UInt32",
          "#=q9Faq5VxEeRCgWA$Fv2CQA2jL$TcgdmVDlxlkstaRIog=",
          "_Lambda$__9",
          "!z4V0?U",
          "MoveNext",
          "Monitor",
          "MySettings",
          "#=q4$epyV0nlPzbnzRsMLPu97OYyrwjvDZ_OdEY8a656zU=",
          "ValueType",
          "Round",
          "#=qIkSGT4qbCtcFRC7mMAAYkk84I1ZFkrYif3TMjD7ZPA6BOJlmCB8mpgUoVIHLwXka",
          "System.Windows.Forms",
          "ResolveEventArgs",
          "ApplicationSettingsBase",
          "#=qczls24TWLmlr2uaF9Rt2wA==",
          "#=q29P5wT0RtOGJtLYYrVuOyQJYKodBvb_Va_4aXFXskAY=",
          "NextRecord",
          "JpWt*i*",
          "Delegate",
          "inSize",
          "&&*}R",
          "~B)^VO$",
          "#=qm6zrH0rCSTx0zj182i8NBQ==",
          "#=qZov5VwasIgllCy$iPN3DNw==",
          "#=q7rWPYdgZxY0QTmTQR2fgkA==",
          "user32.dll",
          "iiyAt",
          "b`*&+",
          "}uS(zOQ",
          "Assembly",
          "#=qoKX_5NDx$uDAqG3r2Qdnaw==",
          "GetThreadContext",
          "#=qWToN2VSuMj$dJ8jwWVWiOw==",
          "m_Choice2",
          "UInt64",
          "#=qxBa98CfPwuO0cLdTtVr3UZ7sHS6clgMQTcxeOGfq1S8n3UU_wXWw5dLM3IIxjN4D",
          "12.0.0.0",
          "#=qCourOFK6$KSegqeVRJ$n6Q==",
          "Stream",
          "T{K+d",
          "NanoCore.ClientPlugin",
          "#=q1WnXnf5Kn3oZdelfZ9atXg==",
          "IClientDataHost",
          "System.Reflection",
          "get_BuilderSettings",
          "_Lambda$__3",
          "#=qufNwmAe7HQFIL14z99jHZDphg_1JvBp18S4ZB_HYCGk=",
          "#=qG3u5K_RNSi5MmPk5qGfBKA==",
          "#=qJOuiYi3iPZ3uVqoeKGMDrA==",
          "ObjectFlowControl",
          "#=qyEh7zio04YwNJbA3DRAL$w==",
          "LT/a%u:",
          "#=qbnS0OHMEgVPpx0TYW6jRag==",
          "#=q8gDcBSsTQnbm3KE02hl7OA==",
          "&&+Y}C",
          "ISetCoderProperties",
          "lParam",
          "get_Name",
          "SetPosBitsProperties",
          "#=qBC03ja1g7$0w$eh2jRxaQNyDuxwUf4rZ75JN5N$kch8=",
          "m_IsRep0LongDecoders",
          "#=qtR8C6BNO$zdw_O10qjEjJt6JYi$bG2X1MWCDgpSA5qI=",
          "Create",
          "RuntimeTypeHandle",
          "#=qLIG6VCTYxG1r34UESHGfO1ahvp9wHKfNE5aXgNksRVfBCY8bC6m10KiOo8KoXWAp",
          "SeekOrigin",
          "WrapNonExceptionThrows",
          "bufferSize",
          "get_TotalMinutes",
          "#=qX35LozMOnZ3iEnR45ploWg==",
          "HB:9/",
          "DebuggerStepThroughAttribute",
          "#=qcxNEmoaEf7Zh660RKW2dVQ==",
          "#=qlvbeh6Dpr600MHBhM5FM6w==",
          "EditorBrowsableState",
          "#=qvSf5MwzG8n0SP5HzSY2_SA==",
          "MA1O@",
          "Int64",
          "#=qatkJDnqMuS21CiNfog8F1qvM$VR71IK88NPDErK$cCY=",
          "DestroyHandle",
          "processId",
          "Microsoft.VisualBasic.MyServices.Internal",
          "#=qOGgnVTQ4xQCpfQDFVMvxDA==",
          "aqhgV\"",
          "System.CodeDom.Compiler",
          "System.Globalization",
          "#=q9xDVujoZXiSgiL5U3Ms$Ldw_aEku$YcJRTx_3Mn7bUU=",
          "VirtualAllocEx",
          "#=qWOxGbcFRgf83Lr2nIvLxMhjnXfcYgGMTYJ7wrFJ4zpU=",
          "get_ClientSettings",
          "removeHandle",
          "IntPtr",
          "Double",
          "#=quC7pb_XLQy2zPy$IHptd3gII7RxTbEmajVwI2QM2uDw=",
          "#=qWAKUq9CUhmQBqBddF0P5WA==",
          "#=qTVgha2c6EXq6oFogWKkJ$Q==",
          "kStartPosModelIndex",
          "IEnumerator",
          "#=qjfIm1PIGR6WF2vcep8flyA==",
          "_streamPos",
          "Timer",
          "#=qULF9QYOA4w2wDOoaAUQxV_zVQ8z$1R9w4sOnYqGnVZM=",
          "Assembly Version",
          "5Hyt)",
          "#=qYZPuHqYnW$Jt8HuO33EgZYVEW2BLvhWvH6HqYkna1vM=",
          "SendToServer",
          "#=qHs51RKHMwfV41Mwh991L9yGwclD4RD8GoEI6P7yiHCQ=",
          "SurveillanceExClientPlugin",
          "KeyValuePair`2",
          "#=qGlAaJxWXqCLviqDPasqF_1pEmmsHiVpOlHTQMftJNnM=",
          "LenDecoder",
          "#=qEwOBNFc9PVbJeL2o1SylSw==",
          "Clear",
          "#=q9d$pwaibXpl6EYmDW3LQyA==",
          "m_Choice",
          "#=qYczMyu4Q4ODpJ8_8yaxacw==",
          "#=qyM8Yaoy9PKeQBcWclAVdrdWwWFIiXRRFb3afnMytprg=",
          "m_MidCoder",
          "WndProc",
          "m_LowCoder",
          "#=q0sFoUO5oar9qfDXWiIsjK8QBKipcWLJeZEeGAn3jKTY=",
          "#=qoSjdpFhHgKw4ZkLE7HcUsA==",
          "#=q_0ryHl9Z3pX6cTMt2fN0mgWhGzumbPaq9sRkBsl9r8EcjEOO0EVuY7FHYqQczjcm",
          "IDATx",
          "ntdll.dll",
          "InternalName",
          "EKL={",
          "#=qXt41o0joH7oimdyJLyAEgb0$SgCvft18unPo3p7oDZ4=",
          "#=qErALxYBxbcQx7$wpILZasQ==",
          "GetExecutingAssembly",
          "#=qWLNfsz9$tdJq5W5eUmCK3g==",
          "Decode",
          "Usage",
          "kNumLitPosStatesBitsEncodingMax",
          "#=qniVQeVyK34aPdgdXRnruaUQrXw0DTGkycv51vldfdvs=",
          "_Lambda$__5",
          "State",
          "LiteralDecoder",
          "ffefeeffe(q",
          "mFLGG",
          "MulticastDelegate",
          "ClientPlugin",
          "title",
          "ComVisibleAttribute",
          "LayoutKind",
          "w,D.F ",
          "\\eRsH~&()",
          "SQnYq",
          "m_PosDecoders",
          "EditorBrowsableAttribute",
          "ReleaseStream",
          "#=q6edtgiaCLUi7SoZ61U8urA==",
          "_buffer",
          "b`h*&+",
          "#=qWOXTw_dLcjSXp$GN$pp5S1OPD7ZPz6$b2UbsKnONIhg=",
          "GetText",
          "solid",
          "kNumLowLenBits",
          "ICoder",
          "DebuggerHiddenAttribute",
          "ConnectionStateChanged",
          "#=q8DCG8ySziWq86pz6M2Nm1Q==",
          "#=qqUu6BRNscFAOfPTSzNJT1w==",
          "#=qqq0n2rS1_M7ChN0lsGOjWw==",
          "Window",
          "get_TotalSeconds",
          "&&*}5",
          "#=qWtdqJYyYX8j6Z3apMuSRyQY12glbN$YmR9vdImzaIBw=",
          "#=qG4$BfgVthjPwAu6cOeCEdA==",
          "#=qOkM4_GL6iJytfvW8X1Vv0JdORs6j60y4sZk64fltjPs=",
          "scanCode",
          "#=qH37BJRRVPDZdt_HquyjQCGhaKFyNxp4uozln_BmzbFU=",
          "ffefefeeffe",
          "NumPasses",
          "#=qaiFlnK6gufs9y1Oc4GuIMH251NlpwpnIGxTExPappTg=",
          "Di'8f#",
          "#=qjGf0Fo7ouDsRFksxehS1LLJzkD032TzIZQYMCq6zXPU=",
          "kNumLenSymbols",
          "#=qxNhCtLFT$uaHlRVrjNRfgQ==",
          "#=qNOZ9w$DcFPd9SOpnZgS0RQ==",
          "#=q9d0qL0bhhHsukDDuSglJm4WCBbjzHE0Bbid8Pr0XWh0=",
          "MyTemplate",
          "ArgumentOutOfRangeException",
          "#=qV79mcqV34cKRcC07zX3EAg==",
          "#=qgf2HF0U91g7Z5r3b_DTKKen95XyoRNKhJT0tZAdh0qE=",
          "GetName",
          "ClearProjectError",
          "#=qBXqRL3Dv9U6yo_YJzVNueLigr3DbGSqr8_$nTSKtZ2s=",
          "StackTrace",
          "outSize",
          "#=qPvYrleetOagqdcI9DE5KLx58LE24Y4CctC7$504MDk4=",
          "#=qkt_liXOxhoHW1IdbL3VH8w==",
          "#=qh9ajRGk2_65Q3Jd9wgongg==",
          "['c*a",
          "ClientSettingChanged",
          "ThreadPool",
          "threadId",
          "ffefeeffeXa",
          "#=qt3y2qSp0dv0vJPWjVw3zrUaK5pF8MkrfIOVi6473g$4=",
          "RuntimeEnvironment",
          "#=qr01FMUeoBCjkEqS0Tv6eBA==",
          "ViewLogs",
          "#=qc7jxesQacILbzixeNG7FgVPmFPAfjvpvdnuAU2yopkw=",
          "#=qTDB6veXFhv3LJZPZLsXjAA==",
          "'b(?P",
          "StartsWith",
          "System.IO",
          "lS]@\\",
          "#=qa5bWbwMs799DVwO6Xd1rN3bJzFHKr4_gzkvb0x1jS4Fq$eNnm1UXtsC$gMpO485Q",
          "#=qynZM5QfSMAmkvPfv_N252H9sirBUdDlLNsjX68Ie$iw=",
          "-b&(f",
          "[@'s8",
          "StringBuilder",
          "get_FullName",
          "get_LastWriteTime",
          "#=qnsLPayfk95jd6qjcEgWvsg==",
          "#=qkJLhjNBL62x0Maq56Qyxvg==",
          "Regex",
          "GetFiles",
          "Invoke",
          "qL88<",
          "nC=\"kO",
          "#=qISpXJwqB9eU0aC9WFSg0Ng==",
          "ReadInt32",
          "ep&L2lT",
          "@o$?H{",
          "Remove",
          "#=qsbY2J0lq2mDKdHpdoqFbhILxgHjBTI3htQgLDLlw4tw=",
          "DateTimeKind",
          "#=qy62TL0vimm$9c8r9cknBlg==",
          "#=q7yeIS$Nxs6vRTxwkrC3NI7XBjBtanYpAY7F6lpVJMNs=",
          "get_WParam",
          "o3K=M",
          "#=q9MSpJ0C9gy1tNtiHMT0xuOhK0eh3XkuUCIUdV0CL_Vc=",
          "feffeeffefe",
          "#=qDryb$Lj81YuexT_kT546UteX3jn1a5MWE58jzYBzqzA=",
          "kNumAlignBits",
          "m_IsMatchDecoders",
          "vD|Jy",
          "get_DeclaringType",
          "#=q5LicbGLyNvYH7rAg86LLew==",
          "#=qd8PFK0o9ZmfLuRvVs5TueBqBiNJMAYg6mfAY7qPvztw=",
          "#=qILpIzHL2R4oZr_xuJ35Ks0Qv8efeDFq9$IysEjhmwb8=",
          "#=qXwgB3iQRF3f74mr47OcIXA==",
          "Format",
          "#=qbaeFrXHqfUmKDWhl$m1oW1YJ6aPS$T3nwSKQdfykURs=",
          "IClientUIHost",
          "K.^^0d",
          "Pd5iG",
          "#>6Mzf",
          "#=qbt21$tSdKp3amqFUQffN4g==",
          "#=qmAOt84hQOfmqpLQTy_m9Gw==",
          "MakeCode",
          "get_Chars",
          "w,uNm",
          "#=qJLhNEnVZH5g1ZqJMJz$RzYGuUiBvJ7jvAqqxd1jmI9w=",
          "SetThreadContext",
          "fefeffefefe",
          "#=qoOW0Qs7uLOIFAgZnF5WYag==",
          "IClientNetworkHost",
          "get_TickCount",
          "KeyboardType",
          "AssemblyCompanyAttribute",
          "ResourceManager",
          "_Lambda$__4",
          "RawInputHeader",
          "fefeffeefY",
          "#=qfGRrfgRh9ShPgCgw1WBGlA==",
          "UsagePage",
          "#=q8kI8WUAO3EIwh$dDbLO4hBJVnsPN1Kf$8oLzDKgLItY=",
          "GetEnumerator",
          "m_PosStateMask",
          "GetPublicKeyToken",
          "defaultInstance",
          "Dispose__Instance__",
          "kNumPosStatesBitsMax",
          "y/Tbb3",
          "#=quNCOqLbHCNvjlAK7Bf3cDbhyHY_4LIdtbLCWmQ_qI5Y=",
          "#=qcoWy4j$hfMjQGUjg7sMLcA==",
          "#=qqAcSxqYR8KvfnXGv78vSLpHnokxYmR2kdhuhJW9_ry8=",
          "#=qamafmS78hoJBlTvbicCkog==",
          "#=qFFTan1UEcEUWGr2OOrOYjJGYp4rAAjZjzwTWUS0rVrw=",
          "#=qph0dM8ScBo399Qc8dFf7SlZHZ5$T9MiuQgUb1gNxX6w=",
          "#=qafWoeWm0EJ5rJHlvMm4iDkNn$EYGciEBRwJDLt7$nbQ=",
          "#=qVJN_4jIyRrZ5yAy$Rn5RLinbGCq7szN2kXQqx5f3mq0=",
          "ReadAllText",
          "tuerl",
          "ToArray",
          "#=qbXdnCoLjynzf7IU_sWtIxQ==",
          "get_CurrentDomain",
          "FileAccess",
          "#=qnkToepswNMS8gbnXEvMwzMYEEKNiPU5uDsX9dRhrWNQ=",
          "m_Coders",
          "get_Default",
          "get_IsAbsoluteUri",
          "LitPosBits",
          "4#Q22",
          "Empty",
          "#=q6PBQzT2s0OXAPNX0HyA9nA==",
          "get_MetadataToken",
          "GetCallingAssembly",
          "ReadPacket",
          "#=qB_ief8yBaOrLHFWAY1qqaBDkGFE5diWAXZyimYvjzkY=",
          "MapVirtualKeyEx",
          "GetWindowText",
          "BU2l$",
          "#=qrrF6$_dvEtwtuQKnJBulHA==",
          "#=q$SxR33u2B2QKyvTy6OUx3VUEnsU1BBIwrFbNm_dTmvc=",
          "#=qQ0_U51a7sN5obfKsBtIlCA==",
          "Int16",
          "WaitCallback",
          "LogToServer",
          "#=qjw6ERKjxRJyhmlKKhTbkm3qZjjnDTqlES7REqNxqUOg=",
          "get_Item",
          "UInt16",
          "#=qyGd52xKGg1UK99QpoNpdz9dSKN3tgIE6mEvh5axkN4DdSC0KoH7ndNvZZfDKjIAY",
          "Mz&?8",
          "ffeeffefeef",
          "#=qy7iFFOCv78505n$_BrNPxRrFO5LEklS7ID6JkyE1sJ0=",
          "wParam",
          "maxLength",
          "fefefeffe_-",
          "get_Now",
          "kernel32.dll",
          "kEndPosModelIndex",
          "#=qBUViwm1Wzov4U2EcqfWHEYm9yRhCdBkuxxjXALmkpzo=",
          "#=qVSN1Lpi9mDmMGgmaAHvebQ==",
          "get_Size",
          "get_Variables",
          "pI,4711",
          "AssemblyTitleAttribute",
          "#=qhXmGn2CELzUWoG0JCIbI4w==",
          "#=qUto48Jl62GtgsCwHVL7Hgg==",
          "Delete",
          "Dictionary`2",
          "#=q0XvCVIzf4UbwwbesII8AcyVgrM$fv_y6$FjnV7yW05Q=",
          "IJxFC",
          "-H%a=",
          "get_BaseStream",
          "#=qkyQiUlPlMKotWknoHqlomhKQpOjgRch0EcZ31P06MMc=",
          "Dispose",
          "4UH@9JE",
          "B.rsrc",
          "matchByte",
          "TimerCallback",
          "fefeffeeffe",
          "MYkv[",
          "#=qjTb0yKP0PvX_$sNLZrWc3SrhKi2B8TapGYB0qQ_d2ic=",
          "NumFastBytes",
          "#=q2ps$7ibfUjB8cShObHpkOw==",
          "GetRawInputData",
          "GeneratedCodeAttribute",
          "#=qGbx9gQEhahxfxQgVR1WKYA==",
          "kNumLitContextBitsMax",
          "#=q1E8O4JTltplIX9hIlv2U_fvNRBdciVrREW4_qwWnAG8=",
          "#=qrGwSUb5xTQIFyn575GZnPg==",
          "#=qeRlDn71ka07USXFfJJUR2tjdNrp$C8rMYT7zAiVKaFY=",
          "#=qho_BPlTxogZ6unjnM3aUEA==",
          "qKsP&",
          "#=qjnoznhVPIrOVW7AdFC20oQRiO8PwCQlyil8yL1Vu$kM=",
          "KeyboardLogging",
          "u[AF7NM",
          "#=qO6x5ewjr4GGgRnaDV90ZlA==",
          "DnsGetCacheDataTable",
          "GetByte",
          "#=qXaCFAlCJk0zL$1TRW78z2TZB6TE_kmNEDibtTaGwApE=",
          "op_Subtraction",
          "de!#%d",
          "#=qMUhpaeAQYPZGtrQ6m5D8$T6a5UohdjKBly_QCCrNbic=",
          "#=qYf8VVQYyVIBbHqbd$XL$cA==",
          "Decompress",
          "\"zD_2",
          "qHF>7K",
          "#=qyJGUlE1_rLpfgGH0HVA4uA==",
          "#=qzk3NeGOwuEBmY8yfhx9RGeCtT3ElsluQSWlGax0FSTg=",
          "layout",
          "#=q463flxIG4yBvVk$L2nY$rA==",
          "#=qkArXx5faq_yiVVDZVy8zPg==",
          "#=qh0PZD5Xzw4GYzrxwVJgNXdBLljub_GVfhqf6qMZuuOM=",
          "#=q_kf6X0FJYJ49vkYU3o4hF4ABiUFCz_wIANIlPo9Wtqg=",
          "#=qZDfXudm0$xsDWCHGELpd5JJQykxvZE2iCT02xHzYWZs=",
          "BinaryWriter",
          "#=qm8f9k1aXVtORA4naJCkxW5anSegBcHo_NtygLkyg$zI=",
          "#=q4w8mBBo92N6vPz_rEq4NCg==",
          "feffefeefef",
          "#=qGqoN6NYMG6qhAx_trPC_ossyh4syAKivlJ4ofRtY1Bc=",
          "ICodeProgress",
          "String",
          "#=qU5Uv$YfWv4YU_tU0WnuWRQ==",
          "#=qm6w5$AGhTmDiKS6fDc_8lQ==",
          "kTopValue",
          "Append",
          "numBitLevels",
          "#=qwRLyHsQEgr3hVfF8nnZ7KA==",
          "#=qia6Q_CLWGyNlq5m_x$gzsg==",
          "get_Host",
          "Yaa*&+",
          "Range",
          "#=qUByjqwT1e89jxnX_MQXMWbKNidprz_QzC__AUDqY7Uc=",
          "#=qt8g2vpq5xuzYmHVNoc4aRQ==",
          "#=q5B2i_ZFG$fkyLcTMcIhd9w==",
          "QueueUserWorkItem",
          "GetObjectValue",
          "#=qhketRNLRWT8CVAmblf0IwOvCoFFzVqRP3cb74HV_KhA=",
          "ChangeExtension",
          "#=qmhUzkJg2ExNnbX_5KEDmiQ==",
          "#=q4XS3XWwqg0cYnVCF1ZC2NbwZSfEBY5biSs$73sq9_qY=",
          "kNumFullDistances",
          "#=q_EpKD6Wcn8v1q27F7Au3V2_q9nsNwbRHldZOuKkGS9M=",
          "GetRandomFileName",
          "&&*}8",
          "#=q5g$eC0ljHvRuQ5Sjg8qhXD5ifXDj39Cm6o39Y5BwaAc=",
          "#=qLpgJeYVNxM5InVOGfQCJgQGoJXhVBZL78RSpTucm8vM=",
          "<generated method>",
          "#=qR6XN5QQYUNdzcxSpOeojXw==",
          "#=qRkVCQkwYopuW3FhsOB8R7Q==",
          "distance",
          "X!RF,",
          "V\\CDo",
          "#=q79jR0bJe_Ob_U2hce_Wy2KY4qSDCR$4x41oNq35cm3Y=",
          "#=qay1xmyx9Oqat62Q8L3hW8g==",
          "ContainsKey",
          "GetState",
          "#=qGvdgcYjJPldjZjV15YO1AQ==",
          "ContainsText",
          "#=qKkT5k_oMJ5jlOboYqGKerA==",
          "System.Diagnostics",
          "Marshal",
          "IClientNameObjectCollection",
          "SetProgress",
          "kNumStates",
          "#=qZDaMo8z4aSDSIJR8FYpOIWr2QgacQNuQzvtxGLdfriI=",
          "#=qE$fiW9I$YR8wzvprmP6GMg==",
          "IEnumerable`1",
          "ReadProcessMemory",
          "numPosBits",
          "#=qZVAY6xaoFDtd779Ohye_i7puUwiqn0vUdRn2mygGXjk=",
          ".ctor",
          "SetProjectError",
          "\"!&%'%8797:7;7",
          "#=q6cFrjMmsBzZaHdwkK64MvIJCVps43s79Zoc5jAQQ3B0=",
          "UpdateRep",
          "LogClientException",
          "rawInput",
          "DebuggerNonUserCodeAttribute",
          "#=qTmPD_08CamgMljHM9Dk1O8BoSybsXHEUiOmZnlrjslQ=",
          "#=qncI$$cNGF5Pots4RoA2KEQ==",
          "InternetBrowser",
          "StringReader",
          "AddDays",
          "ReferenceEquals",
          "GroupCollection",
          " :hu'a",
          "CLSCompliantAttribute",
          "virtualKey",
          "get_Groups",
          "Reserved",
          "1(:>/",
          "#=q3i4wls3IHcjOio705aCSHg==",
          "DataLength",
          "AsyncCallback",
          "#=qiw21QRsOuXRsr0EoFXe6yg==",
          "<Module>",
          "StructLayoutAttribute",
          "UriKind",
          "#=qbb8M4CbvbU9dtw7rljxsOgowhtC_M0HHHYDQvfbewMA=",
          "!:6=?J",
          "SizeOf",
          "Conversions",
          "numTotalBits",
          "Synchronized",
          "%B!eu",
          "StackFrame",
          "RegisterRawInputDevices",
          "FileVersion",
          "Decoder2",
          "ClientInvokeDelegate",
          "get_Key",
          "CreateHandle",
          "m_IsRepG0Decoders",
          "BitTreeDecoder",
          "CheckForSyncLockOnValueType",
          "IClientNetwork",
          "#=q4Nr8w$2KKfb5UztnulwYRg==",
          "kDicLogSizeMin",
          "PipeCreated",
          "Intern",
          "`.rsrc",
          "AssemblyFileVersionAttribute",
          "System.Threading",
          "ffefeeffea",
          "UpdateMatch",
          "Encoding",
          "IsNullOrEmpty",
          "#=qkmhFErk5YMKo51GKKlhE9g==",
          "StringFileInfo",
          "m_NumPrevBits",
          "LitContextBits",
          "Write",
          "GetRecords",
          "#=qrs1kHm2Vk1lgdS_uku1L9g==",
          "#=qMJgjQNh1HDTnQhoJXfa0WA==",
          "ReverseDecode",
          "AssemblyProductAttribute",
          "#=qPRgfS7lOTcyHKSlbB8xgkA==",
          "Microsoft.VisualBasic",
          "AppDomain",
          "#=qT1akwluU_CPHm0nhoKf6Rw==",
          "#=qfisk2$Joqzyumzd6fh2dOQ==",
          "get_Length",
          "#=qvfRcdVwrMsCxkiqADFMhLstfJFNrXezVOSkR7LYl6_c=",
          ".(\\iF",
          "#=qhY91O0Ehtf92oxnuh2FVz3zwgJyjBwDokEEXjvLvO6Q=",
          "feffefefefehah",
          "Win32",
          "z0v{1*",
          "#=qvvwoAYTFwjESTUFg0fNF7SLde7qYhx8qSoPZyr3HMfc=",
          "Contains",
          "BinaryReader",
          "ToInt16",
          "L269a",
          "VariableChanged",
          ",?eg!",
          "#=qQqcsGt5b2PDsslTZJ$dt_mKNdeXa0POgZBx5R0LjlPM=",
          "#=qw9VSFm68B5Ljl$xHUUa_Hw==",
          "get_Assembly",
          "FileInfo",
          "#=qbbS2gH77jp8FUp6F13JpY6MGDSb9v3gnCOBNgbF7cVA=",
          "GetHashCode",
          "kAlignTableSize",
          "m_OutWindow",
          "m_DictionarySizeCheck",
          "#=qpQr3Y9fGkwa$qRqPoCizPZ9VR0dem4a4NMuT_i6c3sQ=",
          "#=qUZFlYoOocheA6eC84I2B1Q==",
          "MemoryStream",
          "3System.Resources.Tools.StronglyTypedResourceBuilder",
          "#=q7_TpaeFTuHRPDnfbdnzhMw==",
          "IsControl",
          "SettingsBase",
          "Change",
          "#=qXH69A$_8u_BEH$6TuzFn6w==",
          "m_RepLenDecoder",
          "#=q5kTowhAuuSOCKCKI6_gw5Q==",
          "Activator",
          "#=qrrUz6hC0NPP229srrATMtK3maxNKi2E6oaUoFmACl9I=",
          "DnsCommand",
          "wisxa",
          "GetKeyboardState",
          "Flags",
          "#=qVmsOOzNjkaQuSyIKz50umg==",
          "OriginalFilename",
          "BitDecoder",
          "#=qeZCoccI3yJdWJ3ayrHW$WA==",
          "kNumLenToPosStatesBits",
          "UpdateShortRep",
          "#=q7xw_62wJAROEdfmrcOfU9A==",
          "#=qGPyC5Xsppd3A9GM1nbF6UA==",
          "#=qz_b1L2sFeS3InI52Fcb$xw==",
          "WriteProcessMemory",
          "kNumBitModelTotalBits",
          "#=qhe3YBArn2XZllRv5mtI$IA==",
          "-7& G",
          "ToUnicodeEx",
          "-=&~L",
          "System.Runtime.InteropServices",
          "w`TeE",
          "#=qUUTENRjCs2Tp8v$UkD2pyj$_WERyijyYrwjs9ap51Bc=",
          "#=qYnC$MeSjL22yOmZmIH9O5Q==",
          "flags",
          "add_AssemblyResolve",
          "SetCoderProperties",
          "Rz4Zy",
          "Decoder",
          "#=qA6W6GWeKbpqYNXHHn0NOqQ==",
          "GetManifestResourceStream",
          "VS_VERSION_INFO",
          "#=qxPKYwApYHsDUAngYujXcMg==",
          "feffeefeffe ",
          "ISetDecoderProperties",
          "Combine",
          "Create__Instance__",
          "ffeeffefehah",
          "Computer",
          "#=qHULrE3ucj3pP3z4Q8AHNQ6f7gkmXn_0Fohqp275LJtI=",
          "m_LenDecoder",
          "ApplicationBase",
          "#=qL4z9que7yasXNRV3gE808Q==",
          "EndMarker",
          "#=qbxOnQHmVH_9KW47BBLVbiw==",
          "ReadString",
          "TmYM>K",
          "E'Y=u",
          "#=qps$_CRy8QN3tD8_cpxbl5Q==",
          "#=qOB8cEznqDkvIxRcccHlIsv7sC6k2hObkCZSKdkJ_Zsk=",
          "#=qv$8E8sC6lJIPtd2$JZCylw==",
          "startIndex",
          "List`1",
          "Object",
          "kNumHighLenBits",
          "AssemblyCopyrightAttribute",
          "DefRawInputProc",
          "1.0.1.7",
          "w,X8WD",
          "#=q4JDS1p4qILBfxV6iYzPvew==",
          "#=qG0TXdiUc5RapAeqxDJArye7UrdqGI4sA16AWYfcrCf0=",
          "Lzma#.dll",
          "fefefeffe",
          "StringSplitOptions",
          "#=qMaYcsaYwkZMTqb1yZLawvsT_RxwqTAeocZdt0axWTAI=",
          "#=qtnUi7yodyLqv1sucEHesww==",
          "#=qj4ZL7Xa5Jh3aXGsDJ8nwq9Ol$7j95Q2WIH6RXdknYOM=",
          "get_Value",
          "Compression.LZ",
          "PosStateBits",
          "#=qCqIROk23BL$5SZnsNcMGzw==",
          "get_ProcessName",
          "NanoCore.ClientPluginHost",
          "m_PosAlignDecoder",
          "#=qgvFUiZFJ0DnA4jPHJSI0$g==",
          "Header",
          "afefefeffe",
          "SetClipboardViewer",
          ".cctor",
          "NativeWindow",
          "#=qp0rjqvRPFB117u1oIM8eyg==",
          "#=qNwsNe80RUFvWuBVxKYH7CdkcJCEYrUuUzsDzmfG3Y0f_hVViDx0xK8xqdS9y79EZ",
          "Enter",
          "#=qMb7ah3f2LZnw5uZZ2MwFiVVbfzLytVjDFOGKjr3$eXM=",
          "#=q7ZvQqMWc8EiVYIemfr8kugujhdIVidtkVJrdNaMKkMY=",
          "#=qnKfe8RVyBZnzTVIYVRXs3lz7$G7e6QuPxi3Jx3scwJ4=",
          "PipeClosed",
          "#=q8PUUaAp4ut016MmvuKrU1A==",
          "Message",
          "#=qcYLUomKQ3VHSKmjKloHutA==",
          "Array",
          "#=qdLYSf0D2H54oOFJ36kM4Rg==",
          "Microsoft.VisualBasic.ApplicationServices"
        ],
        "virustotal": {
          "error": true,
          "msg": "VT File lookup disabled in processing.conf"
        },
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 8,
        "cape_type": "Unpacked PE Image: 32-bit DLL",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "process_name": "sex1.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "pid": 6648,
        "virtual_address": "0x083B0000"
      },
      {
        "name": "dc4a61046d5f6b52019eda5764ab099414471fc9e9fb50c828092a8db276c84d",
        "path": "/opt/CAPEv2/storage/analyses/47/CAPE/dc4a61046d5f6b52019eda5764ab099414471fc9e9fb50c828092a8db276c84d",
        "guest_paths": "9;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?0x08660000;?",
        "size": 2252,
        "crc32": "E0DA99CC",
        "md5": "3b73545169bf86699c7a2f1ab3cbdd5a",
        "sha1": "f9554b86fcdbe19cd41b276729e4f7247210ade8",
        "sha256": "dc4a61046d5f6b52019eda5764ab099414471fc9e9fb50c828092a8db276c84d",
        "sha512": "bfc1aa69f7abb06f2f6eb2cd940e4d077a059a532dd95984df0f0eeb773326785e81f554d7139d3f5be6eff65aca33a7f806fca424d0e19cba75bebf077aa51b",
        "rh_hash": null,
        "ssdeep": "48:Ia6qtYYIPFo32G8NKl9yGHvZlHuIEUdufa8fb3sf0uok6s7vcXxaHkxfU:r6OYd8vPHxUb3E/7kQN",
        "type": "Matlab v4 mat-file (little endian) l\\260\\003\\353h\\260\\006\\353d\\260\\011\\353`\\260\\014\\353\\\\260\\017\\353X\\260\\022\\353T\\260\\025\\353P\\260\\030\\353L\\260\\033\\353H\\260\\036\\353D\\260!\\353@\\260$\\353<\\260'\\3538\\260*\\3534\\260-\\3530\\2600\\353,\\2603\\353(\\2606\\353$\\2609\\353 \\260<\\353\\034\\260?\\353\\030\\260B\\353\\024\\260E\\353\\020\\260H\\353\\014\\260K\\353\\010\\260N\\353\\004\\260Q\\353, numeric, rows 140902400, columns 65536, imaginary (1)",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T17441788BB6600AB8D407F239A5EFD90D7207C03E249EE65C508CD09B9192C9CFD94B33",
        "sha3_384": "4422d9ed88c824028c6ee70f1d640330ec5197e9d9a0396efe16098ba375dd35cc189878989e669ffc07da138790c9dc",
        "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "data": null,
        "strings": [],
        "virustotal": {
          "error": true,
          "msg": "VT File lookup disabled in processing.conf"
        },
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "process_name": "sex1.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "pid": 6648,
        "virtual_address": "0x08660000"
      },
      {
        "name": "93da0626e38b0f52be088e4e0960b629ba52a39a2ca07e32b131a24d489d513d",
        "path": "/opt/CAPEv2/storage/analyses/47/CAPE/93da0626e38b0f52be088e4e0960b629ba52a39a2ca07e32b131a24d489d513d",
        "guest_paths": "9;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?0x07810000;?",
        "size": 2249,
        "crc32": "F1FA7743",
        "md5": "04a8fa404ac3f1ad51449ea22a3f9496",
        "sha1": "d8db2f4bcf1e4aaafacb2b9e777a4b9cd2bca1ed",
        "sha256": "93da0626e38b0f52be088e4e0960b629ba52a39a2ca07e32b131a24d489d513d",
        "sha512": "e3de83f1d7b2d50f420b4154623bac49fb5a3b7a4ec5445dfc31a3ddfb40cfe07a2f95589f758d340f9cd0ca525e4d391ee425cfdaf659235bf5a65bce159a9a",
        "rh_hash": null,
        "ssdeep": "24:TFmg+SKqIbCbWanxJAYbc8dFZAT7qylllzbEkh2k:4SQbCbjIYrHZdylllzbEkhD",
        "type": "data",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T11A41F926DA74A242C0009B3C9F278F614374DA0A1742CE2B0309F43A8EE62B211D31CD",
        "sha3_384": "6af3efea973cc515e6bd6414bf59b04ccaea18bd979e64a27833c5b0c33478edfee16b76332b9d96d596f626a75402fa",
        "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "data": null,
        "strings": [
          "! #!%\"'#)$+%-&/'1(3)5*7+9,;-=.?/A0E1I2M3Q4U5Y6]7a8e9i:m;q<u=y>}?"
        ],
        "virustotal": {
          "error": true,
          "msg": "VT File lookup disabled in processing.conf"
        },
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "process_name": "sex1.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "pid": 6648,
        "virtual_address": "0x07810000"
      },
      {
        "name": "b639220ba55e061b5ed03cb609435b06f2ca7eb4ded611f62778f43d345d4b25",
        "path": "/opt/CAPEv2/storage/analyses/47/CAPE/b639220ba55e061b5ed03cb609435b06f2ca7eb4ded611f62778f43d345d4b25",
        "guest_paths": "9;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?0x08640000;?",
        "size": 9089,
        "crc32": "E1AB968A",
        "md5": "cd984e14149e00f2a74c24405e6fa0ee",
        "sha1": "a6271bb76b311eb63cbe1b6bc0a4846d812d2f78",
        "sha256": "b639220ba55e061b5ed03cb609435b06f2ca7eb4ded611f62778f43d345d4b25",
        "sha512": "7a053bec0e6c5d55c017e58fdbc64aac43a90cc387671451c2828e26c2cc6f214eb1b6c730a074ac0beadda4f322dffc02ecca95bc3b70a32ade19994be6549a",
        "rh_hash": null,
        "ssdeep": "192:yFX6QkF1+FDEJPY4t5Z3BIgAS99l6xQXf60ss9JhK/cYgdir:bFA491JikxTXftss/hKk3Q",
        "type": "Matlab v4 mat-file (little endian) P\\370\\256, numeric, rows 140771328, columns 65536, imaginary (1)",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T1BF12C601DF86D567C26BBAF902214390D2C8CCB51F3E0A817BD8ECBAAAB01D1C915B43",
        "sha3_384": "0937ad927d4683f3f2233beb8ab287d05fc18699cd2a9eb52f0a6d22382901399377f4358f5d23efb0f77820fb65a576",
        "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "data": null,
        "strings": [
          "RO,k^]",
          "w :G ",
          "VP,k^]",
          "8N,k^]"
        ],
        "virustotal": {
          "error": true,
          "msg": "VT File lookup disabled in processing.conf"
        },
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "process_name": "sex1.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "pid": 6648,
        "virtual_address": "0x08640000"
      },
      {
        "name": "5131cc93670f51e88960065f7bb8df32f8381db790c5a1ab3de61f19dec14c5f",
        "path": "/opt/CAPEv2/storage/analyses/47/CAPE/5131cc93670f51e88960065f7bb8df32f8381db790c5a1ab3de61f19dec14c5f",
        "guest_paths": "9;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?0x077F0000;?",
        "size": 524,
        "crc32": "916DC393",
        "md5": "ca56929eaedcdadc8cecfd79bb896ac4",
        "sha1": "e6dc4731d01d17069cc1df80d3206192d3eb5d90",
        "sha256": "5131cc93670f51e88960065f7bb8df32f8381db790c5a1ab3de61f19dec14c5f",
        "sha512": "8f5cfe26c5995deec650875fed6559d195774d23e5d52d986b56350091bb4e61a26cad3438dcdbcc00b03768c8a26f5d07ca627fa277ebee5ceefbf7dc3a2d99",
        "rh_hash": null,
        "ssdeep": "6:J1WrKlzQ+lM/JUVD9crQIKaBvQjzCXJT9l+lM/JmJqQJsq1gRiTg9Q2JM+itXYLg:yGQ+u/+VhcLKGv2zAl+u/ocGGM+ugal5",
        "type": "Windows boot log, header size 0x77f0000, 0x1 valid bytes",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T1AAF097430E200895CC8086B94BA0DB86EE5EC1298381A945CB1C02203B3D9E880AC825",
        "sha3_384": "21b95b2aedbb04cca1a9f358bc303a5e08480c6f058b4f5628ddb8d47f8409bd25f6370f096b6e0b89087787dea3d81b",
        "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "data": null,
        "strings": [
          "UX5SV",
          "8~sUSVW"
        ],
        "virustotal": {
          "error": true,
          "msg": "VT File lookup disabled in processing.conf"
        },
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "process_name": "sex1.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "pid": 6648,
        "virtual_address": "0x077F0000"
      },
      {
        "name": "c53c9857218e56767da2dc2ef8fb81c512704e4023339b58d91ba52cdf903dca",
        "path": "/opt/CAPEv2/storage/analyses/47/CAPE/c53c9857218e56767da2dc2ef8fb81c512704e4023339b58d91ba52cdf903dca",
        "guest_paths": "9;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?0x079B0000;?",
        "size": 32766,
        "crc32": "3992DEDE",
        "md5": "e701463d86122f59fe4886730a98ca01",
        "sha1": "a0066ca487973d7c30726057e34211f0864fecf4",
        "sha256": "c53c9857218e56767da2dc2ef8fb81c512704e4023339b58d91ba52cdf903dca",
        "sha512": "15c4dacb925b8f4232ccbdd58b7394851d1136664752447736f7bc7776485ed161f8cb7a19a67f31d5c386b10e21b7402baa54776a556951a9d6970be8545fc1",
        "rh_hash": null,
        "ssdeep": "96:VMsiUVMijT8n4e6DXj5+rQLFaFztcLcxmeFLUn1WpFNMVqgG2Mg:ms0J6DXj59gFgcx5I1WpFodGq",
        "type": "data",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T158E2BA877AB0C913C10C5B3988E7C75B3332F984AB07670F3545B32E5CB63AA9E59588",
        "sha3_384": "1163b365ff604740a12dfdb5c099e74177e12a8a46f778ff02e09ee5765f6a49ec5df61b8d892e0a8d510491c2bc6882",
        "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "data": null,
        "strings": [],
        "virustotal": {
          "error": true,
          "msg": "VT File lookup disabled in processing.conf"
        },
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "process_name": "sex1.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "pid": 6648,
        "virtual_address": "0x079B0000"
      },
      {
        "name": "67a4e4961f92079cfb03d908719e99c6c09b74279b0e37b9d7eea541659f3957",
        "path": "/opt/CAPEv2/storage/analyses/47/CAPE/67a4e4961f92079cfb03d908719e99c6c09b74279b0e37b9d7eea541659f3957",
        "guest_paths": "9;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe;?0x02910000;?",
        "size": 4094,
        "crc32": "5C7725D6",
        "md5": "dd9bd03c43f51fcc93f7bfb5cab91f65",
        "sha1": "f9385ad06d568ca2801fdda27076275261cd1692",
        "sha256": "67a4e4961f92079cfb03d908719e99c6c09b74279b0e37b9d7eea541659f3957",
        "sha512": "7867e52424c7901d492ee82868329fca2e8f92903ed189653d01fa28113a7b1c0c553558fa6e43886b531cf406b13b4b2136a52ba3b791cf83e37c1defe290f0",
        "rh_hash": null,
        "ssdeep": "24:dvszLNrVbyDF4+ddm3UmbhFfINDfcDlG8FSf:JszFVbyDFJ7mJzMDilGf",
        "type": "data",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T15F81109837004751DCCEA331086A43A1BF3DCB0866802A8DE95846B62D3F7796502218",
        "sha3_384": "e24e4065e725c4ebc498711e09fc73cef2c074ea7c5907f2e527105f5c0c1b2f850f6289925c78bf1c1b7707939a07e5",
        "yara_hash": "b833150b13e1662cfeb7589959edd288cf4e73710395ec5c5f2123f39a668f4d",
        "options_hash": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "data": null,
        "strings": [
          "<~sUSVW",
          ";~sUSVW",
          "PPPPPh"
        ],
        "virustotal": {
          "error": true,
          "msg": "VT File lookup disabled in processing.conf"
        },
        "executed_tools": [
          "overlay",
          "msi_extract",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "process_name": "sex1.exe",
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "pid": 6648,
        "virtual_address": "0x02910000"
      }
    ],
    "configs": [
      {
        "NanoCore": {
          "BuildTime": [
            "2026-04-27 13:44:13.898730"
          ],
          "Version": [
            "1.2.2.0"
          ],
          "Mutex": [
            "b99f832a-30b2-4929-80df-5af09cffdbc2"
          ],
          "DefaultGroup": [
            "nnzn.sa.com"
          ],
          "PrimaryConnectionHost": [
            "nnzn.sa.com"
          ],
          "BackupConnectionHost": [
            "nnzn.sa.com"
          ],
          "ConnectionPort": [
            "443"
          ],
          "RunOnStartup": [
            "True"
          ],
          "RequestElevation": [
            "True"
          ],
          "BypassUserAccountControl": [
            "True"
          ],
          "ClearZoneIdentifier": [
            "True"
          ],
          "ClearAccessControl": [
            "False"
          ],
          "SetCriticalProcess": [
            "False"
          ],
          "PreventSystemSleep": [
            "True"
          ],
          "ActivateAwayMode": [
            "False"
          ],
          "EnableDebugMode": [
            "False"
          ],
          "RunDelay": [
            "0"
          ],
          "ConnectDelay": [
            "4000"
          ],
          "RestartDelay": [
            "5000"
          ],
          "TimeoutInterval": [
            "5000"
          ],
          "KeepAliveTimeout": [
            "30000"
          ],
          "MutexTimeout": [
            "5000"
          ],
          "LanTimeout": [
            "2500"
          ],
          "WanTimeout": [
            "8000"
          ],
          "BufferSize": [
            "65535"
          ],
          "MaxPacketSize": [
            "10485760"
          ],
          "GCThreshold": [
            "10485760"
          ],
          "UseCustomDnsServer": [
            "True"
          ],
          "PrimaryDnsServer": [
            "8.8.8.8"
          ],
          "BackupDnsServer": [
            "8.8.4.4"
          ],
          "cncs": [
            [
              "nnzn.sa.com:443",
              "nnzn.sa.com:443"
            ]
          ]
        },
        "_associated_config_hashes": [
          {
            "md5": "ec0381bf2a31d2ce2e4a00f809db6266",
            "sha1": "cbb5b6fc88aa57b1675a71a7e1d9eede95238315",
            "sha256": "2c14151d8f546aed480a7eda9be556bd37831020a3ab6d40eb993c260c9ee26b",
            "sha512": "f4d2af561ceabbb1793af9866d1efc6497886d6447b658e1ac37fbc650ba95a27a017b16574959388ca88354c9041ae781aa31caeaa5cc06b26b017d819b8614",
            "sha3_384": "ec3dce417ea77de9d5ffe299d314856d9fe313aef6f2d0756bd3c1d5189229fa7ec47b248eca9b4b3e92aa5ea87b0095"
          }
        ],
        "_associated_analysis_hashes": {
          "md5": "ec0381bf2a31d2ce2e4a00f809db6266",
          "sha1": "cbb5b6fc88aa57b1675a71a7e1d9eede95238315",
          "sha256": "2c14151d8f546aed480a7eda9be556bd37831020a3ab6d40eb993c260c9ee26b",
          "sha512": "f4d2af561ceabbb1793af9866d1efc6497886d6447b658e1ac37fbc650ba95a27a017b16574959388ca88354c9041ae781aa31caeaa5cc06b26b017d819b8614",
          "sha3_384": "ec3dce417ea77de9d5ffe299d314856d9fe313aef6f2d0756bd3c1d5189229fa7ec47b248eca9b4b3e92aa5ea87b0095"
        }
      }
    ]
  },
  "info": {
    "version": "2.5",
    "started": "2026-04-28 00:03:23",
    "ended": "2026-04-28 00:07:29",
    "duration": 246,
    "id": 47,
    "category": "file",
    "custom": "",
    "machine": {
      "id": 40,
      "status": "stopping",
      "name": "win10x64",
      "label": "win10x64",
      "platform": "windows",
      "manager": "KVM",
      "started_on": "2026-04-28 00:03:23",
      "shutdown_on": "2026-04-28 00:07:28"
    },
    "package": "exe",
    "timeout": true,
    "tlp": null,
    "parent_sample": null,
    "options": {},
    "source_url": null,
    "route": "",
    "user_id": 0,
    "CAPE_current_commit": "a9a0887dab232f52c59e955b9984dd494c47ce6b"
  },
  "behavior": {
    "processes": [
      {
        "process_id": 6648,
        "process_name": "sex1.exe",
        "parent_id": 7304,
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "first_seen": "2026-04-27 21:05:13,697",
        "calls": [
          {
            "timestamp": "2026-04-27 21:05:14,197",
            "thread_id": "6700",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-04-27 21:05:14,197",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x7418ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x741ac000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-04-27 21:05:14,197",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x77266176",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76ea0000"
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-04-27 21:05:14,197",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegOpenKeyExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebe9b0"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-04-27 21:05:14,197",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x7418ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x741ac000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-04-27 21:05:14,197",
            "thread_id": "6700",
            "caller": "0x7417ed49",
            "parentcaller": "0x7416dccc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework\\Policy\\"
              },
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-04-27 21:05:14,197",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x7418ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x741ac000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-04-27 21:05:14,197",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryInfoKeyW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebeb00"
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-04-27 21:05:14,197",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x7418ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x741ac000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-04-27 21:05:14,197",
            "thread_id": "6700",
            "caller": "0x7417e980",
            "parentcaller": "0x7417ed5c",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000238"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "5"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "9"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-04-27 21:05:14,197",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x7418ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x741ac000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-04-27 21:05:14,197",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegEnumKeyExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebead0"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-04-27 21:05:14,197",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x7418ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x741ac000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-04-27 21:05:14,197",
            "thread_id": "6700",
            "caller": "0x7417e9f7",
            "parentcaller": "0x7417ed5c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "v4.0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\v4.0"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-04-27 21:05:14,197",
            "thread_id": "6700",
            "caller": "0x7417e9f7",
            "parentcaller": "0x7417ed5c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "v2.0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\v2.0"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-04-27 21:05:14,197",
            "thread_id": "8084",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-04-27 21:05:14,197",
            "thread_id": "8084",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x7417e9f7",
            "parentcaller": "0x7417ed5c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "Upgrades"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\Upgrades"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "7424",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "7424",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x7417e9f7",
            "parentcaller": "0x7417ed5c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "standards"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\standards"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x7417e9f7",
            "parentcaller": "0x7417ed5c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "AppPatch"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\AppPatch"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x7417edb8",
            "parentcaller": "0x7416dccc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000238"
              },
              {
                "name": "SubKey",
                "value": "v4.0"
              },
              {
                "name": "Handle",
                "value": "0x00000240"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\v4.0"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x7417eb88",
            "parentcaller": "0x7417edde",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000240"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "1"
              },
              {
                "name": "MaxValueNameLength",
                "value": "5"
              },
              {
                "name": "MaxValueLength",
                "value": "24"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x7418ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x741ac000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegEnumValueW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebeba0"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x7418ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x741ac000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x7417ec0a",
            "parentcaller": "0x7417edde",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": "30319"
              },
              {
                "name": "Data",
                "value": "30319-30319"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\v4.0\\30319"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x7418ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x741ac000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegCloseKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebeb20"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x7418ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x741ac000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x7417ee01",
            "parentcaller": "0x7416dccc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "7420",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "7420",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "4232",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "4232",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x77264429",
            "parentcaller": "0x741751c9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\MSCOREE.DLL.local"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x74174e1c",
            "parentcaller": "0x741752b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x7418ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x741ac000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebe8e0"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x7418ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x741ac000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x74174e34",
            "parentcaller": "0x741752b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x74174e71",
            "parentcaller": "0x741752b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x74174e7f",
            "parentcaller": "0x741752b8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-04-27 21:05:14,213",
            "thread_id": "6700",
            "caller": "0x77264566",
            "parentcaller": "0x74186667",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00a5e790",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x51d5aa91"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d8c32f"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-04-27 21:05:14,275",
            "thread_id": "6700",
            "caller": "0x77275d68",
            "parentcaller": "0x74186677",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-04-27 21:05:14,275",
            "thread_id": "6700",
            "caller": "0x7417ef8e",
            "parentcaller": "0x7416dccc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-04-27 21:05:14,275",
            "thread_id": "6700",
            "caller": "0x74174e1c",
            "parentcaller": "0x741752b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-04-27 21:05:14,275",
            "thread_id": "6700",
            "caller": "0x74174e34",
            "parentcaller": "0x741752b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-04-27 21:05:14,275",
            "thread_id": "6700",
            "caller": "0x74174e71",
            "parentcaller": "0x741752b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-04-27 21:05:14,275",
            "thread_id": "6700",
            "caller": "0x74174e7f",
            "parentcaller": "0x741752b8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-04-27 21:05:14,275",
            "thread_id": "6700",
            "caller": "0x77264566",
            "parentcaller": "0x74186667",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00a5e610",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x51d5aa91"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d8c32f"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-04-27 21:05:14,275",
            "thread_id": "6700",
            "caller": "0x77275d68",
            "parentcaller": "0x74186677",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-04-27 21:05:14,275",
            "thread_id": "6700",
            "caller": "0x74174e1c",
            "parentcaller": "0x741752b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-04-27 21:05:14,275",
            "thread_id": "6700",
            "caller": "0x74174e34",
            "parentcaller": "0x741752b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-04-27 21:05:14,275",
            "thread_id": "6700",
            "caller": "0x74174e71",
            "parentcaller": "0x741752b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-04-27 21:05:14,275",
            "thread_id": "6700",
            "caller": "0x74174e7f",
            "parentcaller": "0x741752b8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-04-27 21:05:14,307",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x7417952e",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei"
              },
              {
                "name": "DllBase",
                "value": "0x73e10000"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73e189ae",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x77150000"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73e189ae",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x77150000"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73e18760",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x77150000"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73e18760",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x77150000"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73e18760",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-localization-l1-2-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x77150000"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x77266176",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76ea0000"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x7417952e",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e10000"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x7417952e",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x73e10000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterShimImplCallback"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73e114d0"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterShimImplCleanupCallback"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "SetShellShimInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "OnShimDllMainCalled"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73e19630"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "_CorExeMain_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "_CorExeMain"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73e1fa20"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x77264429",
            "parentcaller": "0x73e22143",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\MSCOREE.DLL.local"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x73e17a31",
            "parentcaller": "0x73e18d85",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x000001e0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x73e18da2",
            "parentcaller": "0x73e1924a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e0"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x73e18de3",
            "parentcaller": "0x73e1924a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e0"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x73e18df4",
            "parentcaller": "0x73e1924a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e0"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x77264566",
            "parentcaller": "0x73e1162d",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00a5e250",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xc87fbef5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acde"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-04-27 21:05:14,322",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-04-27 21:05:14,338",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-04-27 21:05:14,338",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-04-27 21:05:14,353",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-04-27 21:05:14,353",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000234"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-04-27 21:05:14,353",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x73e17007",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-04-27 21:05:14,369",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-04-27 21:05:14,369",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x73e17007",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-04-27 21:05:14,369",
            "thread_id": "6700",
            "caller": "0x77275d68",
            "parentcaller": "0x73e15ff0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e0"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-04-27 21:05:14,369",
            "thread_id": "6700",
            "caller": "0x73e21a39",
            "parentcaller": "0x73e16701",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-04-27 21:05:14,369",
            "thread_id": "6700",
            "caller": "0x73e21a7f",
            "parentcaller": "0x73e16701",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000238"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-04-27 21:05:14,369",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x73e1ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-04-27 21:05:14,369",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x77266176",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76f20000"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-04-27 21:05:14,369",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f20000"
              },
              {
                "name": "FunctionName",
                "value": "UrlIsW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f343a0"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-04-27 21:05:14,369",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x73e1ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-04-27 21:05:14,369",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-04-27 21:05:14,369",
            "thread_id": "6700",
            "caller": "0x73e17a31",
            "parentcaller": "0x73e20224",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-04-27 21:05:14,369",
            "thread_id": "6700",
            "caller": "0x73e2024d",
            "parentcaller": "0x73e20350",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "ValueName",
                "value": "UseLegacyV2RuntimeActivationPolicyDefaultValue"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\UseLegacyV2RuntimeActivationPolicyDefaultValue"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-04-27 21:05:14,369",
            "thread_id": "6700",
            "caller": "0x73e1760b",
            "parentcaller": "0x73e202b6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-04-27 21:05:14,369",
            "thread_id": "6700",
            "caller": "0x73e17a31",
            "parentcaller": "0x73e20224",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-04-27 21:05:14,369",
            "thread_id": "6700",
            "caller": "0x73e2024d",
            "parentcaller": "0x73e20350",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "ValueName",
                "value": "OnlyUseLatestCLR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\OnlyUseLatestCLR"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-04-27 21:05:14,369",
            "thread_id": "6700",
            "caller": "0x73e1760b",
            "parentcaller": "0x73e202b6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-04-27 21:05:14,385",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000234"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-04-27 21:05:14,385",
            "thread_id": "6700",
            "caller": "0x7727081d",
            "parentcaller": "0x73e44737",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000234"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x000\\x03\\x00\\x00\\x00\\x00\\x00\\x00,\\x03\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-04-27 21:05:14,385",
            "thread_id": "6700",
            "caller": "0x77260e58",
            "parentcaller": "0x77260abe",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000240"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000234"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-04-27 21:05:14,385",
            "thread_id": "6700",
            "caller": "0x7726f16b",
            "parentcaller": "0x73e43dc6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000240"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x028c0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007df334"
              },
              {
                "name": "ViewSize",
                "value": "0x00033000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-04-27 21:05:14,447",
            "thread_id": "6700",
            "caller": "0x73e5863e",
            "parentcaller": "0x73e5740f",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-04-27 21:05:14,447",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x73e43e96",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-04-27 21:05:14,447",
            "thread_id": "6700",
            "caller": "0x77270c75",
            "parentcaller": "0x73e43ec1",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x028c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00033000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-04-27 21:05:14,447",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x73e43ee4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-04-27 21:05:14,447",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000240"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-04-27 21:05:14,447",
            "thread_id": "6700",
            "caller": "0x7727081d",
            "parentcaller": "0x73e44737",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000240"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x000\\x03\\x00\\x00\\x00\\x00\\x00\\x00,\\x03\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-04-27 21:05:14,447",
            "thread_id": "6700",
            "caller": "0x77260e58",
            "parentcaller": "0x77260abe",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000234"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000240"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-04-27 21:05:14,447",
            "thread_id": "6700",
            "caller": "0x7726f16b",
            "parentcaller": "0x73e43dc6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000234"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x028c0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007df334"
              },
              {
                "name": "ViewSize",
                "value": "0x00033000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-04-27 21:05:14,447",
            "thread_id": "6700",
            "caller": "0x73e5863e",
            "parentcaller": "0x73e5740f",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-04-27 21:05:14,447",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x73e43e96",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-04-27 21:05:14,447",
            "thread_id": "6700",
            "caller": "0x77270c75",
            "parentcaller": "0x73e43ec1",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x028c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00033000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-04-27 21:05:14,447",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x73e43ee4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-04-27 21:05:14,447",
            "thread_id": "6700",
            "caller": "0x73e17a31",
            "parentcaller": "0x73e2fc7b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000006",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000000"
              },
              {
                "name": "SubKey",
                "value": "Policy\\Standards"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "Policy\\Standards"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-04-27 21:05:14,447",
            "thread_id": "6700",
            "caller": "0x73e17a31",
            "parentcaller": "0x73e2fc7b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000238"
              },
              {
                "name": "SubKey",
                "value": "Policy\\Standards"
              },
              {
                "name": "Handle",
                "value": "0x00000234"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\Policy\\Standards"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-04-27 21:05:14,447",
            "thread_id": "6700",
            "caller": "0x73e17a31",
            "parentcaller": "0x73e2fa9a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000234"
              },
              {
                "name": "SubKey",
                "value": "v2.0.50727"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\standards\\v2.0.50727"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-04-27 21:05:14,447",
            "thread_id": "6700",
            "caller": "0x73e2509d",
            "parentcaller": "0x73e298ef",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-04-27 21:05:14,447",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73e1dd47",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\kernel.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x75250000"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73e1dd47",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-appmodel-runtime-l1-1-2.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75250000"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73e1dd47",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75250000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-appmodel-runtime-l1-1-2.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75250000"
              },
              {
                "name": "FunctionName",
                "value": "AppPolicyGetClrCompat"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75253a00"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75250000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentPackageId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75253d80"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75250000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentPackageInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75253db0"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75250000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentPackagePath"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75253dd0"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x77260848",
            "parentcaller": "0x73e1db51",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000244"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "6648"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x73e1ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebea30"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x73e1ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x77263cc4",
            "parentcaller": "0x73e1dbb9",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000244"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x73e1ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "GetTokenInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebe690"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x73e1ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x77261446",
            "parentcaller": "0x73e1dc0a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x73e1dc40",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x73e1dc62",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000244"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x73e17a31",
            "parentcaller": "0x73e17f73",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Fusion"
              },
              {
                "name": "Handle",
                "value": "0x00000244"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x73e17fa5",
            "parentcaller": "0x73e18014",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000244"
              },
              {
                "name": "ValueName",
                "value": "NoClientChecks"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Fusion\\NoClientChecks"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x73e17fd5",
            "parentcaller": "0x73e18014",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000244"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x73e1ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x77266176",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\VERSION"
              },
              {
                "name": "DllBase",
                "value": "0x75460000"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x77266176",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "VERSION.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75460000"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75460000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileVersionInfoSizeW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x754615c0"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-04-27 21:05:14,463",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x73e1ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-04-27 21:05:14,525",
            "thread_id": "6700",
            "caller": "0x73e2080a",
            "parentcaller": "0x73e1da39",
            "category": "filesystem",
            "api": "GetFileVersionInfoSizeW",
            "status": true,
            "return": "0x0000081c",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-04-27 21:05:14,525",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x73e1ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-04-27 21:05:14,525",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75460000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileVersionInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x754615e0"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-04-27 21:05:14,525",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x73e1ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-04-27 21:05:14,525",
            "thread_id": "6700",
            "caller": "0x73e2082b",
            "parentcaller": "0x73e1da39",
            "category": "filesystem",
            "api": "GetFileVersionInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-04-27 21:05:14,525",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x73e1ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-04-27 21:05:14,525",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75460000"
              },
              {
                "name": "FunctionName",
                "value": "VerQueryValueW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75461560"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-04-27 21:05:14,525",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x73e1ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-04-27 21:05:14,525",
            "thread_id": "6700",
            "caller": "0x73e1d044",
            "parentcaller": "0x73e1cfd3",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-04-27 21:05:14,525",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000238"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-04-27 21:05:14,541",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x73e17007",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-04-27 21:05:14,541",
            "thread_id": "6700",
            "caller": "0x73e11e78",
            "parentcaller": "0x73e1d114",
            "category": "misc",
            "api": "HeapCreate",
            "status": true,
            "return": "0x02910000",
            "arguments": [
              {
                "name": "Options",
                "value": "262144"
              },
              {
                "name": "InitialSize",
                "value": "0x00000000"
              },
              {
                "name": "MaximumSize",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-04-27 21:05:16,010",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73e1fecf",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "6700"
              },
              {
                "name": "Module",
                "value": "KERNEL32.dll"
              },
              {
                "name": "Return Address",
                "value": "0x76ad24ac"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-04-27 21:05:16,385",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73e1fecf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\WinSxS\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\\MSVCR80"
              },
              {
                "name": "DllBase",
                "value": "0x73740000"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-04-27 21:05:16,385",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73e1fecf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks"
              },
              {
                "name": "DllBase",
                "value": "0x737e0000"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-04-27 21:05:16,432",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a72000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-04-27 21:05:16,432",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05211000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-04-27 21:05:16,510",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05212000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-04-27 21:05:16,510",
            "thread_id": "6700",
            "caller": "0x7379339d",
            "parentcaller": "0x73741762",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-04-27 21:05:16,557",
            "thread_id": "6700",
            "caller": "0x7726f231",
            "parentcaller": "0x73741da6",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-04-27 21:05:16,557",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "FindActCtxSectionStringW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ac8900"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-04-27 21:05:16,557",
            "thread_id": "6700",
            "caller": "0x7726f231",
            "parentcaller": "0x73741dcd",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "MSCoree.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74160000"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-04-27 21:05:16,557",
            "thread_id": "6700",
            "caller": "0x7726f231",
            "parentcaller": "0x73741dd6",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "PGORT80.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74160000"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-04-27 21:05:16,557",
            "thread_id": "6700",
            "caller": "0x77262ba1",
            "parentcaller": "0x76ace2b9",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-04-27 21:05:16,557",
            "thread_id": "6700",
            "caller": "0x77264429",
            "parentcaller": "0x76ace2c9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\WinSxS\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\\msvcr80.dll"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-04-27 21:05:16,572",
            "thread_id": "6700",
            "caller": "0x77264566",
            "parentcaller": "0x76ace434",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00a5e1d0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01ca0431"
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-04-27 21:05:16,572",
            "thread_id": "6700",
            "caller": "0x77275d68",
            "parentcaller": "0x76ace44d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-04-27 21:05:16,572",
            "thread_id": "6700",
            "caller": "0x77264566",
            "parentcaller": "0x76ace434",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00a5e1d0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\WinSxS"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-04-27 21:05:16,572",
            "thread_id": "6700",
            "caller": "0x77275d68",
            "parentcaller": "0x76ace44d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-04-27 21:05:16,572",
            "thread_id": "6700",
            "caller": "0x77264566",
            "parentcaller": "0x76ace434",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00a5e350",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\WinSxS\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\\msvcr80.dll"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf1cf05b4"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-04-27 21:05:16,588",
            "thread_id": "6700",
            "caller": "0x77275d68",
            "parentcaller": "0x76ace44d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-04-27 21:05:16,588",
            "thread_id": "6700",
            "caller": "0x77262ba1",
            "parentcaller": "0x76ace569",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-04-27 21:05:16,588",
            "thread_id": "6700",
            "caller": "0x7726f231",
            "parentcaller": "0x73741f08",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-04-27 21:05:16,588",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemWindowsDirectoryW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ac9500"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-04-27 21:05:16,744",
            "thread_id": "6700",
            "caller": "0x7726f231",
            "parentcaller": "0x73896231",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74160000"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-04-27 21:05:16,744",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74160000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcessExecutableHeap"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74171fa0"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-04-27 21:05:16,744",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcessExecutableHeap_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-04-27 21:05:16,744",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcessExecutableHeap"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73e11e60"
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-04-27 21:05:16,869",
            "thread_id": "6700",
            "caller": "0x77e7007d",
            "parentcaller": "0x7726648d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-04-27 21:05:16,869",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7389032d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-04-27 21:05:16,869",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x73890395",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x0000024c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-04-27 21:05:16,869",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x738903bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              },
              {
                "name": "ValueName",
                "value": "GCStressStart"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\GCStressStart"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-04-27 21:05:16,869",
            "thread_id": "6700",
            "caller": "0x738903cc",
            "parentcaller": "0x739176dd",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-04-27 21:05:16,869",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7389032d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-04-27 21:05:16,869",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x73890395",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x0000024c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-04-27 21:05:16,869",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x738903bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              },
              {
                "name": "ValueName",
                "value": "GCStressStartAtJit"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\GCStressStartAtJit"
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-04-27 21:05:16,869",
            "thread_id": "6700",
            "caller": "0x738903cc",
            "parentcaller": "0x739176dd",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-04-27 21:05:16,869",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7389032d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-04-27 21:05:16,869",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x73890395",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x0000024c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-04-27 21:05:16,869",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x738903bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              },
              {
                "name": "ValueName",
                "value": "GCStressStart"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\GCStressStart"
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-04-27 21:05:16,869",
            "thread_id": "6700",
            "caller": "0x738903cc",
            "parentcaller": "0x739176dd",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-04-27 21:05:16,869",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7389032d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-04-27 21:05:16,869",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x73890395",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x0000024c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-04-27 21:05:16,869",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x738903bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              },
              {
                "name": "ValueName",
                "value": "GCStressStartAtJit"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\GCStressStartAtJit"
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-04-27 21:05:16,869",
            "thread_id": "6700",
            "caller": "0x738903cc",
            "parentcaller": "0x739176dd",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-04-27 21:05:16,885",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73e1fecf",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x737e0000"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-04-27 21:05:16,885",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73e1fecf",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x737e0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-04-27 21:05:16,885",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x737e0000"
              },
              {
                "name": "FunctionName",
                "value": "SetLoadedByMscoree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-04-27 21:05:16,885",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x73e1ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-04-27 21:05:16,885",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x77266176",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "USER32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75d10000"
              }
            ],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-04-27 21:05:16,885",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcessWindowStation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d517d0"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-04-27 21:05:16,885",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x73e1ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-04-27 21:05:16,885",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x73e1ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-04-27 21:05:16,885",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserObjectInformationW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d518c0"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-04-27 21:05:16,885",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x73e1ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-04-27 21:05:16,885",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x737e0000"
              },
              {
                "name": "FunctionName",
                "value": "_CorExeMain"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7391877c"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-04-27 21:05:16,885",
            "thread_id": "6700",
            "caller": "0x73938391",
            "parentcaller": "0x739383dd",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-04-27 21:05:16,885",
            "thread_id": "6700",
            "caller": "0x7726f231",
            "parentcaller": "0x73895854",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscorwks.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x737e0000"
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-04-27 21:05:16,885",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x737e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCLRFunction"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x738d08a5"
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-04-27 21:05:16,900",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7389032d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-04-27 21:05:16,900",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x73890395",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x0000024c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-04-27 21:05:16,900",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x738903bc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              },
              {
                "name": "ValueName",
                "value": "DisableConfigCache"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DisableConfigCache"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-04-27 21:05:16,900",
            "thread_id": "6700",
            "caller": "0x738903cc",
            "parentcaller": "0x738955f2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-04-27 21:05:16,900",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x73895620",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-04-27 21:05:16,900",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x73895620",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x0000024c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-04-27 21:05:16,900",
            "thread_id": "6700",
            "caller": "0x738c2bb6",
            "parentcaller": "0x7389565b",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-04-27 21:05:16,900",
            "thread_id": "6700",
            "caller": "0x738c2bb6",
            "parentcaller": "0x7389565b",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "0",
                "pretty_value": "REG_NONE"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\"
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-04-27 21:05:16,900",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x73a192bb",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "advapi32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-04-27 21:05:16,900",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterTraceGuidsW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77ea44b0"
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-04-27 21:05:16,900",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "UnregisterTraceGuids"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77e99a70"
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-04-27 21:05:16,900",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "GetTraceLoggerHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77eac810"
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-04-27 21:05:16,900",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "GetTraceEnableLevel"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77eac860"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-04-27 21:05:16,900",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "GetTraceEnableFlags"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77eac890"
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-04-27 21:05:16,900",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "TraceEvent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77f41320"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-04-27 21:05:16,916",
            "thread_id": "6700",
            "caller": "0x77e7007d",
            "parentcaller": "0x7726648d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-04-27 21:05:16,916",
            "thread_id": "6700",
            "caller": "0x77260c1f",
            "parentcaller": "0x7388c16d",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "Global\\CLR_PerfMon_StartEnumEvent"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-04-27 21:05:16,963",
            "thread_id": "6700",
            "caller": "0x73792866",
            "parentcaller": "0x738953e7",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-04-27 21:05:17,072",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74160000"
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-04-27 21:05:17,072",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x74160000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "mscoree.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-04-27 21:05:17,072",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74160000"
              },
              {
                "name": "FunctionName",
                "value": "IEE"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74172e40"
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-04-27 21:05:17,072",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "IEE_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-04-27 21:05:17,072",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "IEE"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73e40c70"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-04-27 21:05:17,072",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x737e0000"
              },
              {
                "name": "FunctionName",
                "value": "IEE"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x738954a8"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-04-27 21:05:17,072",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x7385f357",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737e2000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-04-27 21:05:17,072",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x7385f357",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737e2000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-04-27 21:05:17,088",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x73894c46",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74160000"
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-04-27 21:05:17,088",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74160000"
              },
              {
                "name": "FunctionName",
                "value": "GetStartupFlags"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7416ffc0"
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-04-27 21:05:17,088",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "GetStartupFlags_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-04-27 21:05:17,088",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "GetStartupFlags"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73e3f5a0"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-04-27 21:05:17,088",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74160000"
              },
              {
                "name": "FunctionName",
                "value": "GetHostConfigurationFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74172050"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-04-27 21:05:17,088",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "GetHostConfigurationFile_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-04-27 21:05:17,088",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "GetHostConfigurationFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73e3f600"
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-04-27 21:05:17,088",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "GetCORVersion_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-04-27 21:05:17,088",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "GetCORVersion"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73e3e060"
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-04-27 21:05:17,088",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x73894634",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74160000"
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-04-27 21:05:17,088",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74160000"
              },
              {
                "name": "FunctionName",
                "value": "GetCORSystemDirectory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x741708b0"
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-04-27 21:05:17,088",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "GetCORSystemDirectory_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73e3f300"
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-04-27 21:05:17,088",
            "thread_id": "6700",
            "caller": "0x73e17a31",
            "parentcaller": "0x73e523f8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework\\Policy\\AppPatch"
              },
              {
                "name": "Handle",
                "value": "0x00000240"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\AppPatch"
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-04-27 21:05:17,103",
            "thread_id": "6700",
            "caller": "0x77277bae",
            "parentcaller": "0x73e52c0b",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319"
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-04-27 21:05:17,103",
            "thread_id": "6700",
            "caller": "0x73e17a31",
            "parentcaller": "0x73e523f8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000240"
              },
              {
                "name": "SubKey",
                "value": "v4.0.30319.00000"
              },
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\AppPatch\\v4.0.30319.00000"
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-04-27 21:05:17,103",
            "thread_id": "6700",
            "caller": "0x73e1760b",
            "parentcaller": "0x73e50f0e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-04-27 21:05:17,103",
            "thread_id": "6700",
            "caller": "0x73e17a31",
            "parentcaller": "0x73e523f8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000224"
              },
              {
                "name": "SubKey",
                "value": "mscorwks.dll"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\AppPatch\\v4.0.30319.00000\\mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-04-27 21:05:17,103",
            "thread_id": "6700",
            "caller": "0x73e1760b",
            "parentcaller": "0x73e50b0a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-04-27 21:05:17,166",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "CreateConfigStream_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-04-27 21:05:17,166",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "CreateConfigStream"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73e196a0"
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-04-27 21:05:17,228",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000224"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-04-27 21:05:17,228",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-04-27 21:05:17,244",
            "thread_id": "6700",
            "caller": "0x7726249c",
            "parentcaller": "0x73e11df9",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000224"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-8\"?><!--\r\n    Please refer to machine.config.comments for a description and\r\n    the default values of each configuration section.\r\n\r\n    For a full documentation of the schema please refer to\r\n    http://go.microsoft.com/"
              },
              {
                "name": "Length",
                "value": "4095"
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-04-27 21:05:17,385",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a76000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-04-27 21:05:17,385",
            "thread_id": "6700",
            "caller": "0x7726249c",
            "parentcaller": "0x73e11df9",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000224"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "7a5c561934e089\">\r\n            <section name=\"schemaImporterExtensions\" type=\"System.Xml.Serialization.Configuration.SchemaImporterExtensionsSection, System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n            <section name"
              },
              {
                "name": "Length",
                "value": "18712"
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-04-27 21:05:17,385",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x73e200b5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-04-27 21:05:17,385",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-04-27 21:05:17,385",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll"
              },
              {
                "name": "BaseAddress",
                "value": "0x77e40000"
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-04-27 21:05:17,385",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x77e40000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ntdll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-04-27 21:05:17,385",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlUnwind"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77ea8f40"
              }
            ],
            "repeated": 0,
            "id": 271
          },
          {
            "timestamp": "2026-04-27 21:05:17,385",
            "thread_id": "6700",
            "caller": "0x77e7007d",
            "parentcaller": "0x7726648d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-04-27 21:05:17,463",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x7389341a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-04-27 21:05:17,463",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "IsWow64Process"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad06e0"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion"
              },
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion"
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\sex1.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\sex1.exe"
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x77264429",
            "parentcaller": "0x7383db34",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\fusion.localgac"
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion"
              },
              {
                "name": "Handle",
                "value": "0x00000240"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion"
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x73b4b62d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              },
              {
                "name": "ValueName",
                "value": "CacheLocation"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\CacheLocation"
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x73b4b671",
            "parentcaller": "0x73b4b6fd",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x73b73ef5",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemWindowsDirectoryW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ac9500"
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion"
              },
              {
                "name": "Handle",
                "value": "0x00000240"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion"
              }
            ],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x73893263",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              },
              {
                "name": "ValueName",
                "value": "DownloadCacheQuotaInKB"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DownloadCacheQuotaInKB"
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Fusion"
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x738932b7",
            "parentcaller": "0x73892966",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x738931c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "ValueName",
                "value": "EnableLog"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\EnableLog"
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x738931c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "ValueName",
                "value": "LoggingLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LoggingLevel"
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x738931c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "ValueName",
                "value": "ForceLog"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\ForceLog"
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x738931c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "ValueName",
                "value": "LogFailures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogFailures"
              }
            ],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x738931c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "ValueName",
                "value": "VersioningLog"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\VersioningLog"
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x738931c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "ValueName",
                "value": "LogResourceBinds"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogResourceBinds"
              }
            ],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x738931c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "ValueName",
                "value": "UseLegacyIdentityFormat"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\UseLegacyIdentityFormat"
              }
            ],
            "repeated": 0,
            "id": 293
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x738931c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "ValueName",
                "value": "DisableMSIPeek"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DisableMSIPeek"
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x738931c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "ValueName",
                "value": "NoClientChecks"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NoClientChecks"
              }
            ],
            "repeated": 0,
            "id": 295
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x73892a56",
            "parentcaller": "0x7389059b",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options"
              },
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options"
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x738931c0",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "ValueName",
                "value": "DevOverrideEnable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DevOverrideEnable"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x73aa3b8f",
            "parentcaller": "0x73aa415a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x7388c23b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "advapi32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "AllocateAndInitializeSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebf090"
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x77260848",
            "parentcaller": "0x73890e3c",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000224"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "6648"
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebea30"
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x77263cc4",
            "parentcaller": "0x73890e70",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000224"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "GetTokenInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebe690"
              }
            ],
            "repeated": 0,
            "id": 305
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x77261446",
            "parentcaller": "0x73890e9b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x77261446",
            "parentcaller": "0x73890ec5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc40\\xa7\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 307
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x73890edd",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x73890ef0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 309
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeAcl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebf2d0"
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "AddAccessAllowedAce"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebf170"
              }
            ],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "FreeSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebfc70"
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x77260e58",
            "parentcaller": "0x77260abe",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000240"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\Cor_Private_IPCBlock_6648"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 313
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x7726f16b",
            "parentcaller": "0x738921f3",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000240"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x028d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007df7dc"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x7388c23b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "advapi32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "AllocateAndInitializeSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebf090"
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x77260848",
            "parentcaller": "0x73890e3c",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000224"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "6648"
              }
            ],
            "repeated": 0,
            "id": 317
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebea30"
              }
            ],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x77263cc4",
            "parentcaller": "0x73890e70",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000224"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "GetTokenInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebe690"
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x77261446",
            "parentcaller": "0x73890e9b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x77261446",
            "parentcaller": "0x73890ec5",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4/\\xa7\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 322
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x73890edd",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x73890ef0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000238"
              }
            ],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeAcl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebf2d0"
              }
            ],
            "repeated": 0,
            "id": 325
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "AddAccessAllowedAce"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebf170"
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "FreeSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebfc70"
              }
            ],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-04-27 21:05:17,541",
            "thread_id": "6700",
            "caller": "0x77260e58",
            "parentcaller": "0x77260abe",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000238"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\Cor_Public_IPCBlock_6648"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-04-27 21:05:17,557",
            "thread_id": "6700",
            "caller": "0x7726f16b",
            "parentcaller": "0x738922ec",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000238"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x028e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007df7fc"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-04-27 21:05:17,603",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x028f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x028f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x7386cc0a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "SetThreadStackGuarantee"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad1f20"
              }
            ],
            "repeated": 0,
            "id": 333
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x7386aa35",
            "parentcaller": "0x738900a6",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x73b787d1",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework\\NGen\\Policy\\v2.0"
              },
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\NGen\\Policy\\v2.0"
              }
            ],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x73b7880d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              },
              {
                "name": "ValueName",
                "value": "OptimizeUsedBinaries"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\NGen\\Policy\\v2.0\\OptimizeUsedBinaries"
              }
            ],
            "repeated": 0,
            "id": 337
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x738b2cae",
            "parentcaller": "0x73887206",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\CLR_v2.0_32\\UsageLogs\\sex1.exe.log"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x7726f231",
            "parentcaller": "0x7389378f",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "FlsSetValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad11e0"
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "FlsGetValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ace770"
              }
            ],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "FlsAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad1e20"
              }
            ],
            "repeated": 0,
            "id": 344
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "FlsFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad2050"
              }
            ],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 346
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02900000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 348
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x028f1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 4,
            "id": 352
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02930000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04070000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 4,
            "id": 355
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04080000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a7d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 357
          },
          {
            "timestamp": "2026-04-27 21:05:17,619",
            "thread_id": "6700",
            "caller": "0x77273ee6",
            "parentcaller": "0x77260d14",
            "category": "synchronization",
            "api": "NtCreateEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000284"
              },
              {
                "name": "EventName",
                "value": "Global\\CorDBIPCSetupSyncEvent_6648"
              },
              {
                "name": "EventType",
                "value": "0"
              },
              {
                "name": "InitialState",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 358
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "6700",
            "caller": "0x77276987",
            "parentcaller": "0x76ad0f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000288"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7388f3ff"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "4452"
              },
              {
                "name": "ProcessId",
                "value": "6648"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "6700",
            "caller": "0x77276987",
            "parentcaller": "0x76ad0f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x00000288",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x7388f3ff"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "4452"
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "6700",
            "caller": "0x7727d303",
            "parentcaller": "0x7388f3ea",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000288"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "4452"
              },
              {
                "name": "ProcessId",
                "value": "6648"
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "6700",
            "caller": "0x77261137",
            "parentcaller": "0x7726088e",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "6700",
            "caller": "0x77265900",
            "parentcaller": "0x7388ee08",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "6700",
            "caller": "0x7388f260",
            "parentcaller": "0x7388f23a",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x7388e8be",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "AddVectoredContinueHandler"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77ef8860"
              }
            ],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "RemoveVectoredContinueHandler"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77ef8880"
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "6700",
            "caller": "0x77ea1ee8",
            "parentcaller": "0x77ea1e71",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "4452",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77150000"
              },
              {
                "name": "FunctionName",
                "value": "FlsGetValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77264500"
              }
            ],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "6700",
            "caller": "0x77ea1ee8",
            "parentcaller": "0x77ea1ea1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "6700",
            "caller": "0x7388e451",
            "parentcaller": "0x7388731e",
            "category": "hooking",
            "api": "SetUnhandledExceptionFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ExceptionFilter",
                "value": "0x73dae000"
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a7e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "6700",
            "caller": "0x77271454",
            "parentcaller": "0x7386c4c9",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000294"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "4452",
            "caller": "0x7726f231",
            "parentcaller": "0x73742c18",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 2,
            "id": 374
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "4452",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 375
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "4452",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "4452",
            "caller": "0x7386aa35",
            "parentcaller": "0x7386aa9a",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 377
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "4452",
            "caller": "0x772761f1",
            "parentcaller": "0x7386ab1a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05031000"
              },
              {
                "name": "RegionSize",
                "value": "0x000fa000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x73aeacc4",
            "category": "system",
            "api": "NtClose",
            "status": false,
            "return": "0xffffffffc0000008",
            "pretty_return": "INVALID_HANDLE",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "6700",
            "caller": "0x7386aa35",
            "parentcaller": "0x7386aa9a",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x7386ab1a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x006e1000"
              },
              {
                "name": "RegionSize",
                "value": "0x000ee000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "6700",
            "caller": "0x77260c1f",
            "parentcaller": "0x7388c16d",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "Global\\CLR_PerfMon_StartEnumEvent"
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-04-27 21:05:17,682",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a7f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-04-27 21:05:17,697",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0290a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-04-27 21:05:17,697",
            "thread_id": "6700",
            "caller": "0x77274faa",
            "parentcaller": "0x7385f357",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x737e2000"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-04-27 21:05:17,697",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02902000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-04-27 21:05:17,697",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-04-27 21:05:17,697",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7388be89",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets"
              },
              {
                "name": "Handle",
                "value": "0x000002a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets"
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-04-27 21:05:17,697",
            "thread_id": "6700",
            "caller": "0x7393a55f",
            "parentcaller": "0x7388bece",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000002a8"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-04-27 21:05:17,713",
            "thread_id": "6700",
            "caller": "0x73841a80",
            "parentcaller": "0x7388bf0b",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "Internet"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\Internet"
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-04-27 21:05:17,713",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7388bf58",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002a8"
              },
              {
                "name": "SubKey",
                "value": "Internet"
              },
              {
                "name": "Handle",
                "value": "0x000002ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\Internet"
              }
            ],
            "repeated": 0,
            "id": 391
          },
          {
            "timestamp": "2026-04-27 21:05:17,713",
            "thread_id": "6700",
            "caller": "0x73841a80",
            "parentcaller": "0x7388bf8c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ac"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "MediaPermission"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\Internet\\MediaPermission"
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-04-27 21:05:17,713",
            "thread_id": "6700",
            "caller": "0x73841a80",
            "parentcaller": "0x7388bf8c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ac"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "WebBrowserPermission"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\Internet\\WebBrowserPermission"
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-04-27 21:05:17,713",
            "thread_id": "6700",
            "caller": "0x73841a80",
            "parentcaller": "0x7388bf8c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ac"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\Internet\\"
              }
            ],
            "repeated": 0,
            "id": 394
          },
          {
            "timestamp": "2026-04-27 21:05:17,713",
            "thread_id": "6700",
            "caller": "0x7388c090",
            "parentcaller": "0x7388b414",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ac"
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-04-27 21:05:17,713",
            "thread_id": "6700",
            "caller": "0x73841a80",
            "parentcaller": "0x7388bf0b",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "LocalIntranet"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\LocalIntranet"
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-04-27 21:05:17,713",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7388bf58",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000002a8"
              },
              {
                "name": "SubKey",
                "value": "LocalIntranet"
              },
              {
                "name": "Handle",
                "value": "0x000002ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\LocalIntranet"
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-04-27 21:05:17,713",
            "thread_id": "6700",
            "caller": "0x73841a80",
            "parentcaller": "0x7388bf8c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ac"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "MediaPermission"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\LocalIntranet\\MediaPermission"
              }
            ],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-04-27 21:05:17,713",
            "thread_id": "6700",
            "caller": "0x73841a80",
            "parentcaller": "0x7388bf8c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ac"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "WebBrowserPermission"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\LocalIntranet\\WebBrowserPermission"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-04-27 21:05:17,713",
            "thread_id": "6700",
            "caller": "0x73841a80",
            "parentcaller": "0x7388bf8c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ac"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\LocalIntranet\\"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-04-27 21:05:17,713",
            "thread_id": "6700",
            "caller": "0x7388c090",
            "parentcaller": "0x7388b414",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ac"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-04-27 21:05:17,713",
            "thread_id": "6700",
            "caller": "0x73841a80",
            "parentcaller": "0x7388bf0b",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\"
              }
            ],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-04-27 21:05:17,713",
            "thread_id": "6700",
            "caller": "0x7388be02",
            "parentcaller": "0x7388b414",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-04-27 21:05:17,713",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-04-27 21:05:17,713",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\security.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-04-27 21:05:17,713",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\security.config.cch"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-04-27 21:05:17,713",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\enterprisesec.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-04-27 21:05:17,713",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a81000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-04-27 21:05:17,713",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\enterprisesec.config.cch"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 409
          },
          {
            "timestamp": "2026-04-27 21:05:17,744",
            "thread_id": "6700",
            "caller": "0x77263cc4",
            "parentcaller": "0x738d74fa",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002a8"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-04-27 21:05:17,744",
            "thread_id": "6700",
            "caller": "0x77261446",
            "parentcaller": "0x738d73b8",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-04-27 21:05:17,744",
            "thread_id": "6700",
            "caller": "0x77261446",
            "parentcaller": "0x738d73f9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x003\\xa6\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-04-27 21:05:17,744",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "advapi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76ea0000"
              }
            ],
            "repeated": 0,
            "id": 413
          },
          {
            "timestamp": "2026-04-27 21:05:17,744",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76ea0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "advapi32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-04-27 21:05:17,744",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "ConvertSidToStringSidW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebe4c0"
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-04-27 21:05:17,744",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x738d75c5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x000002ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-04-27 21:05:17,744",
            "thread_id": "6700",
            "caller": "0x738d75de",
            "parentcaller": "0x738d7029",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002ac"
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-04-27 21:05:17,744",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x7384680e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002a8"
              }
            ],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-04-27 21:05:17,744",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\shell32"
              },
              {
                "name": "DllBase",
                "value": "0x77590000"
              }
            ],
            "repeated": 0,
            "id": 419
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x77590000"
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x77590000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 421
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "shell32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77590000"
              },
              {
                "name": "FunctionName",
                "value": "SHGetFolderPathW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x776edc30"
              }
            ],
            "repeated": 0,
            "id": 422
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e9112f",
            "parentcaller": "0x77e8f0c9",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "windows.storage.dll"
              }
            ],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e921cc",
            "parentcaller": "0x77e920d6",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.storage.dll"
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e9e69c",
            "parentcaller": "0x77e9e212",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.storage.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 425
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e9e6d9",
            "parentcaller": "0x77e9e212",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000002dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\windows.storage.dll"
              }
            ],
            "repeated": 0,
            "id": 426
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e912bc",
            "parentcaller": "0x77e91427",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75700000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0060d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 427
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e9009f",
            "parentcaller": "0x77e90824",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75ca5000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00002000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 428
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77ea1ee8",
            "parentcaller": "0x77ea1e71",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 429
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77ea1ee8",
            "parentcaller": "0x77ea1ea1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e79ddb",
            "parentcaller": "0x77e8b530",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75c9f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e9112f",
            "parentcaller": "0x77e8f0c9",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "Wldp.dll"
              }
            ],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e9e72d",
            "parentcaller": "0x77e9e212",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e9e735",
            "parentcaller": "0x77e9e212",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e921cc",
            "parentcaller": "0x77e920d6",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\Wldp.dll"
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e921cc",
            "parentcaller": "0x77e920d6",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wldp.dll"
              }
            ],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e9e69c",
            "parentcaller": "0x77e9e3e8",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wldp.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e9e6d9",
            "parentcaller": "0x77e9e3e8",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000002dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\wldp.dll"
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e912bc",
            "parentcaller": "0x77e91427",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000002e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x756d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00027000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e9009f",
            "parentcaller": "0x77e90824",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x756f2000"
              },
              {
                "name": "ModuleName",
                "value": "Wldp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77ea1ee8",
            "parentcaller": "0x77ea1e71",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77ea1ee8",
            "parentcaller": "0x77ea1ea1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e79ddb",
            "parentcaller": "0x77e8b530",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x756f0000"
              },
              {
                "name": "ModuleName",
                "value": "Wldp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e9e72d",
            "parentcaller": "0x77e9e3e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e0"
              }
            ],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e9e735",
            "parentcaller": "0x77e9e3e8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e90da0",
            "parentcaller": "0x77e7e523",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75c9f000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e90f7a",
            "parentcaller": "0x77e90dc2",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00c\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00A\\x00p\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00a\\x00\\\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00l\\x00\\\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\\\x00W\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00d\\x00l\\x00"
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x77e90da0",
            "parentcaller": "0x77e7e523",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x756f0000"
              },
              {
                "name": "ModuleName",
                "value": "Wldp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x750d9699",
            "parentcaller": "0x750d940b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 449
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x750d9699",
            "parentcaller": "0x750d940b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x750d9699",
            "parentcaller": "0x750d940b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 451
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x750d9851",
            "parentcaller": "0x750d8c22",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\SYSTEM32\\Wldp.dll"
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x750d9890",
            "parentcaller": "0x750d8c22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wldp.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x750d9931",
            "parentcaller": "0x750d8c22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x750d9931",
            "parentcaller": "0x750d8c22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\Wldp"
              },
              {
                "name": "DllBase",
                "value": "0x756d0000"
              }
            ],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x750d9699",
            "parentcaller": "0x750d940b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 456
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x750d9699",
            "parentcaller": "0x750d940b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x750d9699",
            "parentcaller": "0x750d940b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 458
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x750d9851",
            "parentcaller": "0x750d8c22",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\SYSTEM32\\windows.storage.dll"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x750d9890",
            "parentcaller": "0x750d8c22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000002dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.storage.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x750d9931",
            "parentcaller": "0x750d8c22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-04-27 21:05:17,760",
            "thread_id": "6700",
            "caller": "0x750d9931",
            "parentcaller": "0x750d8c22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\windows.storage"
              },
              {
                "name": "DllBase",
                "value": "0x75700000"
              }
            ],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x772656f1",
            "parentcaller": "0x756d69fd",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-eventing-provider-l1-1-0.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77150000"
              }
            ],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x772696ea",
            "parentcaller": "0x756d6a24",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77150000"
              },
              {
                "name": "FunctionName",
                "value": "EventSetInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77e70b80"
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x772605b6",
            "parentcaller": "0x756d6a53",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\wldp"
              },
              {
                "name": "BaseAddress",
                "value": "0x756d0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x756d8bd0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x758dd258",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77150000"
              }
            ],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x772696ea",
            "parentcaller": "0x758dd27f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77150000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeConditionVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77ea4e10"
              }
            ],
            "repeated": 0,
            "id": 467
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x772696ea",
            "parentcaller": "0x758dd28d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77150000"
              },
              {
                "name": "FunctionName",
                "value": "SleepConditionVariableCS"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77308040"
              }
            ],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x772696ea",
            "parentcaller": "0x758dd29b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77150000"
              },
              {
                "name": "FunctionName",
                "value": "WakeAllConditionVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77eaa570"
              }
            ],
            "repeated": 0,
            "id": 469
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x77e8ff5f",
            "parentcaller": "0x77e8fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75ca5000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x77e8ff94",
            "parentcaller": "0x77e8fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75ca5000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 471
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a85000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x758979ad",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x772696ea",
            "parentcaller": "0x7589797e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77e724f0"
              }
            ],
            "repeated": 0,
            "id": 474
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x772696ea",
            "parentcaller": "0x75897868",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77eb40c0"
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x772696ea",
            "parentcaller": "0x758977e7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77e70780"
              }
            ],
            "repeated": 0,
            "id": 476
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x772696ea",
            "parentcaller": "0x7584a3ba",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77eac2a0"
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x772696ea",
            "parentcaller": "0x75897927",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77ea52e0"
              }
            ],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x772696ea",
            "parentcaller": "0x758486ce",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77e9f5a0"
              }
            ],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x77261137",
            "parentcaller": "0x75897ab1",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:6648:168:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x772627d9",
            "parentcaller": "0x75897cac",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x772627d9",
            "parentcaller": "0x77262732",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x772627d9",
            "parentcaller": "0x77262732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 483
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x7582f2ae",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000310"
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x77265900",
            "parentcaller": "0x75897c8b",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              }
            ],
            "repeated": 1,
            "id": 485
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x7582f2ae",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\windows.storage"
              },
              {
                "name": "BaseAddress",
                "value": "0x75700000"
              },
              {
                "name": "InitRoutine",
                "value": "0x758db920"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x77e8ff5f",
            "parentcaller": "0x77e8fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77ae5000"
              },
              {
                "name": "ModuleName",
                "value": "shell32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 487
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x77e8ff94",
            "parentcaller": "0x77e8fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77ae5000"
              },
              {
                "name": "ModuleName",
                "value": "shell32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-04-27 21:05:17,775",
            "thread_id": "6700",
            "caller": "0x77e8ff94",
            "parentcaller": "0x77e8fe54",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\SHCORE"
              },
              {
                "name": "DllBase",
                "value": "0x76f70000"
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-04-27 21:05:17,807",
            "thread_id": "6700",
            "caller": "0x77e8ff94",
            "parentcaller": "0x77e8fe54",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "6700"
              },
              {
                "name": "Module",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "Return Address",
                "value": "0x772833ec"
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-04-27 21:05:18,478",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x7726961e",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 491
          },
          {
            "timestamp": "2026-04-27 21:05:18,478",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x7726961e",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\profapi"
              },
              {
                "name": "DllBase",
                "value": "0x75260000"
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-04-27 21:05:18,494",
            "thread_id": "6700",
            "caller": "0x758a5bf1",
            "parentcaller": "0x757e6154",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 493
          },
          {
            "timestamp": "2026-04-27 21:05:18,494",
            "thread_id": "6700",
            "caller": "0x758a5bf1",
            "parentcaller": "0x757e6154",
            "category": "filesystem",
            "api": "SHGetFolderPathW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Folder",
                "value": "0x0000801a",
                "pretty_value": "CSIDL_FLAG_CREATE|CSIDL_APPDATA"
              },
              {
                "name": "Path",
                "value": "C:\\Users\\cape\\AppData\\Roaming"
              }
            ],
            "repeated": 0,
            "id": 494
          },
          {
            "timestamp": "2026-04-27 21:05:18,494",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\security.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-04-27 21:05:18,494",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\security.config.cch"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-04-27 21:05:18,494",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7388b8a4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework\\v2.0.50727\\Security\\Policy"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\v2.0.50727\\Security\\Policy"
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-04-27 21:05:18,494",
            "thread_id": "6700",
            "caller": "0x7726f231",
            "parentcaller": "0x7388b825",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-04-27 21:05:18,494",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "FlushProcessWriteBuffers"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77eb3930"
              }
            ],
            "repeated": 0,
            "id": 499
          },
          {
            "timestamp": "2026-04-27 21:05:18,494",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x73896fc7",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "Kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 500
          },
          {
            "timestamp": "2026-04-27 21:05:18,494",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetWriteWatch"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad0590"
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-04-27 21:05:18,494",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "ResetWriteWatch"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad0740"
              }
            ],
            "repeated": 0,
            "id": 502
          },
          {
            "timestamp": "2026-04-27 21:05:18,494",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x040e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 503
          },
          {
            "timestamp": "2026-04-27 21:05:18,494",
            "thread_id": "6700",
            "caller": "0x77275e92",
            "parentcaller": "0x77275e55",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x040e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 504
          },
          {
            "timestamp": "2026-04-27 21:05:18,494",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x73897046",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "Kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 505
          },
          {
            "timestamp": "2026-04-27 21:05:18,494",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateMemoryResourceNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ac9950"
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-04-27 21:05:18,494",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "QueryMemoryResourceNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ae4380"
              }
            ],
            "repeated": 0,
            "id": 507
          },
          {
            "timestamp": "2026-04-27 21:05:18,494",
            "thread_id": "6700",
            "caller": "0x7724e4c2",
            "parentcaller": "0x73897085",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "EventName",
                "value": "\\KernelObjects\\LowMemoryCondition"
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-04-27 21:05:18,494",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05560000"
              },
              {
                "name": "RegionSize",
                "value": "0x02000000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-04-27 21:05:18,494",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05130000"
              },
              {
                "name": "RegionSize",
                "value": "0x000a0000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 510
          },
          {
            "timestamp": "2026-04-27 21:05:18,494",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a88000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-04-27 21:05:18,494",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05560000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-04-27 21:05:18,494",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06560000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-04-27 21:05:18,619",
            "thread_id": "6700",
            "caller": "0x77276987",
            "parentcaller": "0x76ad0f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000035c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7394890c"
              },
              {
                "name": "Parameter",
                "value": "0x00a69540"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "4036"
              },
              {
                "name": "ProcessId",
                "value": "6648"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 514
          },
          {
            "timestamp": "2026-04-27 21:05:18,619",
            "thread_id": "6700",
            "caller": "0x77276987",
            "parentcaller": "0x76ad0f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x0000035c",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x7394890c"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "Parameter",
                "value": "0x00a69540"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "4036"
              }
            ],
            "repeated": 0,
            "id": 515
          },
          {
            "timestamp": "2026-04-27 21:05:18,619",
            "thread_id": "6700",
            "caller": "0x7727d303",
            "parentcaller": "0x7386ba5f",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000035c"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "4036"
              },
              {
                "name": "ProcessId",
                "value": "6648"
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-04-27 21:05:18,619",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-04-27 21:05:18,619",
            "thread_id": "4036",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a91000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-04-27 21:05:18,619",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a92000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-04-27 21:05:18,619",
            "thread_id": "6700",
            "caller": "0x73910bc8",
            "parentcaller": "0x738d69ba",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\"
              }
            ],
            "repeated": 0,
            "id": 520
          },
          {
            "timestamp": "2026-04-27 21:05:18,619",
            "thread_id": "4036",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a94000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-04-27 21:05:18,619",
            "thread_id": "4036",
            "caller": "0x7726f231",
            "parentcaller": "0x73742c18",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 2,
            "id": 522
          },
          {
            "timestamp": "2026-04-27 21:05:18,619",
            "thread_id": "4036",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-04-27 21:05:18,619",
            "thread_id": "4036",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-04-27 21:05:18,619",
            "thread_id": "4036",
            "caller": "0x7386aa35",
            "parentcaller": "0x7386aa9a",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 525
          },
          {
            "timestamp": "2026-04-27 21:05:18,619",
            "thread_id": "4036",
            "caller": "0x772761f1",
            "parentcaller": "0x7386ab1a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07561000"
              },
              {
                "name": "RegionSize",
                "value": "0x000fa000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-04-27 21:05:18,619",
            "thread_id": "4036",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-04-27 21:05:18,635",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32"
              },
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32"
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-04-27 21:05:18,635",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x738d455e",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "LatestIndex"
              },
              {
                "name": "Data",
                "value": "12"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\LatestIndex"
              }
            ],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-04-27 21:05:18,635",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32"
              },
              {
                "name": "Handle",
                "value": "0x00000368"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32"
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-04-27 21:05:18,635",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x738d455e",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              },
              {
                "name": "ValueName",
                "value": "LatestIndex"
              },
              {
                "name": "Data",
                "value": "12"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\LatestIndex"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\indexc.dat"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 532
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "indexc"
              },
              {
                "name": "Handle",
                "value": "0x00000370"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\indexc"
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              },
              {
                "name": "ValueName",
                "value": "NIUsageMask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xe1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\indexc\\NIUsageMask"
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              },
              {
                "name": "ValueName",
                "value": "ILUsageMask"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xf1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\indexc\\ILUsageMask"
              }
            ],
            "repeated": 0,
            "id": 535
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x738882f8",
            "parentcaller": "0x73888318",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x738d4593",
            "parentcaller": "0x738d471e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "NI\\181938c6\\7950e2c5"
              },
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5"
              }
            ],
            "repeated": 0,
            "id": 538
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x73841a80",
            "parentcaller": "0x7383dd78",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "1"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1"
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x73841a80",
            "parentcaller": "0x7383dde9",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\"
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x7383de65",
            "parentcaller": "0x7383ded6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              }
            ],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "NI\\181938c6\\7950e2c5\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1"
              }
            ],
            "repeated": 0,
            "id": 542
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "mscorlib,2.0.0.0,,b77a5c561934e089"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "ConfigMask"
              },
              {
                "name": "Data",
                "value": "4361"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\ConfigMask"
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "ConfigString"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\ConfigString"
              }
            ],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "MVID"
              },
              {
                "name": "Data",
                "value": "\\x07\\xfe\\xde\\xcf;\\x96LM&\\xa6\\xec\\x99B&\\xef\\xe4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\MVID"
              }
            ],
            "repeated": 0,
            "id": 546
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x7384b7d1",
            "parentcaller": "0x7384b8c2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "NI\\181938c6\\7950e2c5\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000374"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1"
              }
            ],
            "repeated": 0,
            "id": 548
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000374"
              },
              {
                "name": "ValueName",
                "value": "EvalationData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\EvalationData"
              }
            ],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000374"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\Status"
              }
            ],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000374"
              },
              {
                "name": "ValueName",
                "value": "ILDependencies"
              },
              {
                "name": "Data",
                "value": "\\xc5\\xe2Py\\xba{\\xb8\\x0c\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\ILDependencies"
              }
            ],
            "repeated": 0,
            "id": 551
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000374"
              },
              {
                "name": "ValueName",
                "value": "NIDependencies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\NIDependencies"
              }
            ],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000374"
              },
              {
                "name": "ValueName",
                "value": "MissingDependencies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\MissingDependencies"
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x7384b7d1",
            "parentcaller": "0x7384b8c2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000374"
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "IL\\7950e2c5\\cb87bba\\1"
              },
              {
                "name": "Handle",
                "value": "0x00000374"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1"
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000374"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "mscorlib,2.0.0.0,,b77a5c561934e089"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000374"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "8198"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1\\Status"
              }
            ],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000374"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "Data",
                "value": "sortkey.nlp|sorttbls.nlp|big5.nlp|bopomofo.nlp|ksc.nlp|prc.nlp|prcp.nlp|xjis.nlp|normidna.nlp|normnfc.nlp|normnfd.nlp|normnfkc.nlp|normnfkd.nlp"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1\\Modules"
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000374"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": "\\xb23\\xc7M\\xdf\\xb0\\xb0D\\xba\\xbf+\\xb7\\xcf\\xfd\\xf4\\xab\\x91th\\x7f\\xa9w\\xa2\\xc6\\xae\\xd2Yqa\\xe9\\xe1\\x81\\x9d\\xe9K\\xa9"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1\\SIG"
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000374"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "m\\xa7>\\xfb\\x06\\xac\\xdc\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x738c3118",
            "parentcaller": "0x738c2e31",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000374"
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x7388a3f3",
            "parentcaller": "0x7388a421",
            "category": "registry",
            "api": "RegCreateKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion\\GACChangeNotification\\Default"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Access",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\GACChangeNotification\\Default"
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 562
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7388422f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "mscorlib,2.0.0.0,,b77a5c561934e089,x86"
              },
              {
                "name": "Data",
                "value": "m\\xa7>\\xfb\\x06\\xac\\xdc\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\mscorlib,2.0.0.0,,b77a5c561934e089,x86"
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-04-27 21:05:18,650",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 564
          },
          {
            "timestamp": "2026-04-27 21:05:19,150",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\07fedecf3b964c4d26a6ec994226efe4\\mscorlib.ni"
              },
              {
                "name": "DllBase",
                "value": "0x72c40000"
              }
            ],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-04-27 21:05:19,150",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\07fedecf3b964c4d26a6ec994226efe4\\mscorlib.ni.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x72c40000"
              }
            ],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-04-27 21:05:19,150",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x72c40000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\07fedecf3b964c4d26a6ec994226efe4\\mscorlib.ni.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 567
          },
          {
            "timestamp": "2026-04-27 21:05:19,244",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 568
          },
          {
            "timestamp": "2026-04-27 21:05:19,244",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x738817cb",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "MSCORWKS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x737e0000"
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-04-27 21:05:19,244",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x738817cb",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscorjit.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x72de0618"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-04-27 21:05:19,244",
            "thread_id": "6700",
            "caller": "0x77264566",
            "parentcaller": "0x7383bded",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.INI"
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-04-27 21:05:19,244",
            "thread_id": "6700",
            "caller": "0x77260b65",
            "parentcaller": "0x73889acc",
            "category": "synchronization",
            "api": "NtOpenMutant",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "MutexName",
                "value": "Global\\CLR_CASOFF_MUTEX"
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-04-27 21:05:19,275",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04070000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-04-27 21:05:19,400",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02922000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-04-27 21:05:19,650",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06562000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-04-27 21:05:19,728",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a99000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x772627d9",
            "parentcaller": "0x77262732",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x772627d9",
            "parentcaller": "0x77262732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              },
              {
                "name": "Milliseconds",
                "value": "3000"
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77265900",
            "parentcaller": "0x738d8c84",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 579
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77262ba1",
            "parentcaller": "0x76ace2b9",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 581
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77264429",
            "parentcaller": "0x76ace2c9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
              }
            ],
            "repeated": 0,
            "id": 582
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77264566",
            "parentcaller": "0x76ace434",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00a834b8",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 583
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77275d68",
            "parentcaller": "0x76ace44d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77264566",
            "parentcaller": "0x76ace434",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00a83378",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb450bd8e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77275d68",
            "parentcaller": "0x76ace44d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77264566",
            "parentcaller": "0x76ace434",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00a830b8",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45caeb0"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77275d68",
            "parentcaller": "0x76ace44d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77264566",
            "parentcaller": "0x76ace434",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00a82e38",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45f137b"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77275d68",
            "parentcaller": "0x76ace44d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77264566",
            "parentcaller": "0x76ace434",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00a83178",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xb45f137b"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcac11"
              }
            ],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77275d68",
            "parentcaller": "0x76ace44d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77264566",
            "parentcaller": "0x76ace434",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x00a82df8",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x5772d36c"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dcacc6"
              }
            ],
            "repeated": 0,
            "id": 593
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77275d68",
            "parentcaller": "0x76ace44d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77262ba1",
            "parentcaller": "0x76ace569",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 596
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77262ba1",
            "parentcaller": "0x76ac6d31",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77264429",
            "parentcaller": "0x76ac6d41",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77262ba1",
            "parentcaller": "0x76ac7095",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 600
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\ole32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 601
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\ole32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x772628b2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ole32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x77060000"
              }
            ],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77060000"
              },
              {
                "name": "FunctionName",
                "value": "CoInitializeEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77bfd0d0"
              }
            ],
            "repeated": 0,
            "id": 604
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x772656f1",
            "parentcaller": "0x77be835f",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x0000001e"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77c708e6",
            "parentcaller": "0x77c70886",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 606
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77e8ff5f",
            "parentcaller": "0x77e8fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77e8ff94",
            "parentcaller": "0x77e8fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a9a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 609
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77e9112f",
            "parentcaller": "0x77e8f0c9",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000037c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "bcryptPrimitives.dll"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77e912bc",
            "parentcaller": "0x77e91427",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000037c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76d80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0005f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77ea1ee8",
            "parentcaller": "0x77ea1e71",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77ea1ee8",
            "parentcaller": "0x77ea1ea1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77e79ddb",
            "parentcaller": "0x77e8b530",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76dda000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 614
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77e8f149",
            "parentcaller": "0x77e923c8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000037c"
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x77e90da0",
            "parentcaller": "0x77e7e523",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76dda000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 616
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x750d9699",
            "parentcaller": "0x750d940b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 617
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x750d9699",
            "parentcaller": "0x750d940b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x750d9699",
            "parentcaller": "0x750d940b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 619
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x750d9851",
            "parentcaller": "0x750d8c22",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives.dll"
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x750d9890",
            "parentcaller": "0x750d8c22",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000037c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x750d9931",
            "parentcaller": "0x750d8c22",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000037c"
              }
            ],
            "repeated": 0,
            "id": 622
          },
          {
            "timestamp": "2026-04-27 21:05:19,791",
            "thread_id": "6700",
            "caller": "0x750d9931",
            "parentcaller": "0x750d8c22",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives"
              },
              {
                "name": "DllBase",
                "value": "0x76d80000"
              }
            ],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x76db3a14",
            "parentcaller": "0x76da92e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000384"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 624
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x76db3a31",
            "parentcaller": "0x76da92e7",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000384"
              },
              {
                "name": "ValueName",
                "value": "STE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE"
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x76db3a5f",
            "parentcaller": "0x76da92e7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              }
            ],
            "repeated": 0,
            "id": 626
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x76da9836",
            "parentcaller": "0x76da973c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000384"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 627
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x76da9858",
            "parentcaller": "0x76da973c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000384"
              },
              {
                "name": "ValueName",
                "value": "Enabled"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled"
              }
            ],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x76da98e5",
            "parentcaller": "0x76da973c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000388"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa"
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x76da9907",
            "parentcaller": "0x76da973c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000388"
              },
              {
                "name": "ValueName",
                "value": "FipsAlgorithmPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 630
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x76da995a",
            "parentcaller": "0x76da973c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000384"
              },
              {
                "name": "ValueName",
                "value": "MDMEnabled"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled"
              }
            ],
            "repeated": 0,
            "id": 631
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x76da9985",
            "parentcaller": "0x76da973c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000384"
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x76da9993",
            "parentcaller": "0x76da973c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000388"
              }
            ],
            "repeated": 0,
            "id": 633
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x76da9790",
            "parentcaller": "0x76da9351",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x76da96e4",
            "parentcaller": "0x76da9643",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000388"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\Device\\CNG"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 635
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x76da966e",
            "parentcaller": "0x76da95e5",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000388"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390008",
                "pretty_value": "IOCTL_KSEC_RANDOM_FILL_BUFFER"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\xc0R\\x7f\\x19\\xb3h\\xc5\\x1bx\\xf3\\x1c\\xc1 \\x90\\xbb\\x95\\x16\r\\x91\\xe4\\x06\\xfb~V\\xe3\\xe2\\x18\\xc3\\xbe\\x84\\xd8\\xe0\\x1d>\\xfat\\x9a\\xfe\\x93\\x10\\x94\\x00U\\x91\\x0b\\x05\\xb5\\xe9"
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x76da966e",
            "parentcaller": "0x76da95e5",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\bcryptprimitives"
              },
              {
                "name": "BaseAddress",
                "value": "0x76d80000"
              },
              {
                "name": "InitRoutine",
                "value": "0x76db36c0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x77e8ff5f",
            "parentcaller": "0x77e8fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769b1000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x77e8ff94",
            "parentcaller": "0x77e8fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769b1000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a9b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x77e8ff5f",
            "parentcaller": "0x77e8fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 641
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x77e8ff94",
            "parentcaller": "0x77e8fe54",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 642
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x75d4f2f1",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\uxtheme"
              },
              {
                "name": "DllBase",
                "value": "0x745d0000"
              }
            ],
            "repeated": 0,
            "id": 643
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x75d4f2f1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x745d0000"
              }
            ],
            "repeated": 0,
            "id": 644
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x772696ea",
            "parentcaller": "0x75d4f331",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x745d0000"
              },
              {
                "name": "FunctionName",
                "value": "ThemeInitApiHook"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74604330"
              }
            ],
            "repeated": 0,
            "id": 645
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x7460456c",
            "parentcaller": "0x7460434f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 646
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x77e93999",
            "parentcaller": "0x77e6d7e4",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xf0}\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0>`t\\xd5}P;\\x90\\xf1}\\x00\\xe1>`t"
              }
            ],
            "repeated": 0,
            "id": 647
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x77e6d817",
            "parentcaller": "0x7727b6b7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000390"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 648
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x77257324",
            "parentcaller": "0x77256e95",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000394"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000390"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              }
            ],
            "repeated": 0,
            "id": 649
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x77256a63",
            "parentcaller": "0x77256853",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000394"
              },
              {
                "name": "ValueName",
                "value": "AppsUseLightTheme"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme"
              }
            ],
            "repeated": 0,
            "id": 650
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x77257f8b",
            "parentcaller": "0x7725632a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000394"
              }
            ],
            "repeated": 0,
            "id": 651
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x77257f8b",
            "parentcaller": "0x7460451b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000390"
              }
            ],
            "repeated": 0,
            "id": 652
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x7386cc0a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 653
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "QueryActCtxW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ac8760"
              }
            ],
            "repeated": 0,
            "id": 654
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "4036",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ole32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x77060000"
              }
            ],
            "repeated": 0,
            "id": 655
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "4036",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x77060000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ole32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 656
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "4036",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77060000"
              },
              {
                "name": "FunctionName",
                "value": "CoGetContextToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77c72020"
              }
            ],
            "repeated": 0,
            "id": 657
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "4036",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 658
          },
          {
            "timestamp": "2026-04-27 21:05:19,807",
            "thread_id": "4036",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              },
              {
                "name": "Milliseconds",
                "value": "2000"
              }
            ],
            "repeated": 0,
            "id": 659
          },
          {
            "timestamp": "2026-04-27 21:05:20,213",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 660
          },
          {
            "timestamp": "2026-04-27 21:05:20,213",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76ab0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "kernel32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 661
          },
          {
            "timestamp": "2026-04-27 21:05:20,213",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 662
          },
          {
            "timestamp": "2026-04-27 21:05:20,213",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetVersionEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 663
          },
          {
            "timestamp": "2026-04-27 21:05:20,213",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetVersionExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad18a0"
              }
            ],
            "repeated": 0,
            "id": 664
          },
          {
            "timestamp": "2026-04-27 21:05:20,213",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetVersionEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 665
          },
          {
            "timestamp": "2026-04-27 21:05:20,213",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetVersionExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad18a0"
              }
            ],
            "repeated": 0,
            "id": 666
          },
          {
            "timestamp": "2026-04-27 21:05:20,322",
            "thread_id": "6700",
            "caller": "0x0290a110",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 667
          },
          {
            "timestamp": "2026-04-27 21:05:20,369",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\l_intl.nls"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 668
          },
          {
            "timestamp": "2026-04-27 21:05:20,369",
            "thread_id": "6700",
            "caller": "0x7727081d",
            "parentcaller": "0x73887c47",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\l_intl.nls"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x000\\x00\\x00\\x00\\x00\\x00\\x00\\xc6&\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 669
          },
          {
            "timestamp": "2026-04-27 21:05:20,369",
            "thread_id": "6700",
            "caller": "0x77260e58",
            "parentcaller": "0x77260abe",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000003b0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\l_intl.nls"
              }
            ],
            "repeated": 0,
            "id": 670
          },
          {
            "timestamp": "2026-04-27 21:05:20,369",
            "thread_id": "6700",
            "caller": "0x7726f16b",
            "parentcaller": "0x73887c8b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04120000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007dead4"
              },
              {
                "name": "ViewSize",
                "value": "0x00003000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 671
          },
          {
            "timestamp": "2026-04-27 21:05:20,369",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x73887c9a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b0"
              }
            ],
            "repeated": 0,
            "id": 672
          },
          {
            "timestamp": "2026-04-27 21:05:20,369",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x73887c9d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 673
          },
          {
            "timestamp": "2026-04-27 21:05:20,447",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFullPathName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 674
          },
          {
            "timestamp": "2026-04-27 21:05:20,447",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFullPathNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad33d0"
              }
            ],
            "repeated": 0,
            "id": 675
          },
          {
            "timestamp": "2026-04-27 21:05:20,447",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00a9f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 676
          },
          {
            "timestamp": "2026-04-27 21:05:20,447",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 677
          },
          {
            "timestamp": "2026-04-27 21:05:20,447",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00aa0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 678
          },
          {
            "timestamp": "2026-04-27 21:05:20,447",
            "thread_id": "6700",
            "caller": "0x73910bc8",
            "parentcaller": "0x738d69ba",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\"
              }
            ],
            "repeated": 0,
            "id": 679
          },
          {
            "timestamp": "2026-04-27 21:05:20,447",
            "thread_id": "6700",
            "caller": "0x73e17a31",
            "parentcaller": "0x73e523f8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework\\Policy\\AppPatch"
              },
              {
                "name": "Handle",
                "value": "0x000003ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\AppPatch"
              }
            ],
            "repeated": 0,
            "id": 680
          },
          {
            "timestamp": "2026-04-27 21:05:20,447",
            "thread_id": "6700",
            "caller": "0x77277bae",
            "parentcaller": "0x73e52c0b",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319"
              }
            ],
            "repeated": 0,
            "id": 681
          },
          {
            "timestamp": "2026-04-27 21:05:20,447",
            "thread_id": "6700",
            "caller": "0x73e17a31",
            "parentcaller": "0x73e523f8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003ac"
              },
              {
                "name": "SubKey",
                "value": "v4.0.30319.00000"
              },
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\AppPatch\\v4.0.30319.00000"
              }
            ],
            "repeated": 0,
            "id": 682
          },
          {
            "timestamp": "2026-04-27 21:05:20,447",
            "thread_id": "6700",
            "caller": "0x73e1760b",
            "parentcaller": "0x73e50f0e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ac"
              }
            ],
            "repeated": 0,
            "id": 683
          },
          {
            "timestamp": "2026-04-27 21:05:20,447",
            "thread_id": "6700",
            "caller": "0x73e17a31",
            "parentcaller": "0x73e523f8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003a8"
              },
              {
                "name": "SubKey",
                "value": "mscorwks.dll"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\AppPatch\\v4.0.30319.00000\\mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 684
          },
          {
            "timestamp": "2026-04-27 21:05:20,447",
            "thread_id": "6700",
            "caller": "0x73e1760b",
            "parentcaller": "0x73e50b0a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 685
          },
          {
            "timestamp": "2026-04-27 21:05:20,447",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ab1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 686
          },
          {
            "timestamp": "2026-04-27 21:05:20,572",
            "thread_id": "6700",
            "caller": "0x758a5bf1",
            "parentcaller": "0x757e6154",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 687
          },
          {
            "timestamp": "2026-04-27 21:05:20,572",
            "thread_id": "6700",
            "caller": "0x758a5bf1",
            "parentcaller": "0x757e6154",
            "category": "filesystem",
            "api": "SHGetFolderPathW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Folder",
                "value": "0x00000020",
                "pretty_value": "CSIDL_INTERNET_CACHE"
              },
              {
                "name": "Path",
                "value": "C:\\Users\\cape\\AppData\\Local\\Microsoft\\Windows\\INetCache"
              }
            ],
            "repeated": 0,
            "id": 688
          },
          {
            "timestamp": "2026-04-27 21:05:20,572",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 689
          },
          {
            "timestamp": "2026-04-27 21:05:20,572",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ab3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 690
          },
          {
            "timestamp": "2026-04-27 21:05:20,572",
            "thread_id": "6700",
            "caller": "0x77264429",
            "parentcaller": "0x7383db34",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe.config"
              }
            ],
            "repeated": 0,
            "id": 691
          },
          {
            "timestamp": "2026-04-27 21:05:20,588",
            "thread_id": "6700",
            "caller": "0x77277bae",
            "parentcaller": "0x73910d86",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
              }
            ],
            "repeated": 1,
            "id": 692
          },
          {
            "timestamp": "2026-04-27 21:05:20,588",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32"
              },
              {
                "name": "Handle",
                "value": "0x000003ac"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32"
              }
            ],
            "repeated": 0,
            "id": 693
          },
          {
            "timestamp": "2026-04-27 21:05:20,588",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x738d455e",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ac"
              },
              {
                "name": "ValueName",
                "value": "LatestIndex"
              },
              {
                "name": "Data",
                "value": "12"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\LatestIndex"
              }
            ],
            "repeated": 0,
            "id": 694
          },
          {
            "timestamp": "2026-04-27 21:05:20,588",
            "thread_id": "6700",
            "caller": "0x738d4593",
            "parentcaller": "0x738d471e",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ac"
              }
            ],
            "repeated": 0,
            "id": 695
          },
          {
            "timestamp": "2026-04-27 21:05:20,588",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "NI\\5aa75839\\10fdf3"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\5aa75839\\10fdf3"
              }
            ],
            "repeated": 0,
            "id": 696
          },
          {
            "timestamp": "2026-04-27 21:05:20,588",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 697
          },
          {
            "timestamp": "2026-04-27 21:05:20,588",
            "thread_id": "6700",
            "caller": "0x77264566",
            "parentcaller": "0x7383bded",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.INI"
              }
            ],
            "repeated": 0,
            "id": 698
          },
          {
            "timestamp": "2026-04-27 21:05:20,588",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02921000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 699
          },
          {
            "timestamp": "2026-04-27 21:05:20,588",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04130000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 700
          },
          {
            "timestamp": "2026-04-27 21:05:20,588",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04130000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 701
          },
          {
            "timestamp": "2026-04-27 21:05:20,588",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02923000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 702
          },
          {
            "timestamp": "2026-04-27 21:05:20,588",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05562000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 703
          },
          {
            "timestamp": "2026-04-27 21:05:20,744",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0408b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 704
          },
          {
            "timestamp": "2026-04-27 21:05:20,744",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04087000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 705
          },
          {
            "timestamp": "2026-04-27 21:05:20,744",
            "thread_id": "6700",
            "caller": "0x772765db",
            "parentcaller": "0x73947ec0",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000294"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\x8d\\x00\\xf8\\x19\\x00\\x00,\\x1a\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6700"
              }
            ],
            "repeated": 0,
            "id": 706
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x73938391",
            "parentcaller": "0x739383dd",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 707
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 708
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7727081d",
            "parentcaller": "0x73833265",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x000\\x03\\x00\\x00\\x00\\x00\\x00\\x00,\\x03\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 709
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x77260e58",
            "parentcaller": "0x77260abe",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000003ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
              }
            ],
            "repeated": 0,
            "id": 710
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7727675b",
            "parentcaller": "0x7727669e",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007df334"
              },
              {
                "name": "ViewSize",
                "value": "0x00033000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 711
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "AdvApi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76ea0000"
              }
            ],
            "repeated": 0,
            "id": 712
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76ea0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "AdvApi32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 713
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "CryptAcquireContextA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebfc30"
              }
            ],
            "repeated": 0,
            "id": 714
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "CryptReleaseContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebf5c0"
              }
            ],
            "repeated": 0,
            "id": 715
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "CryptCreateHash"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebef10"
              }
            ],
            "repeated": 0,
            "id": 716
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "CryptDestroyHash"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebf440"
              }
            ],
            "repeated": 0,
            "id": 717
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "CryptHashData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebf130"
              }
            ],
            "repeated": 0,
            "id": 718
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "CryptGetHashParam"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebec70"
              }
            ],
            "repeated": 0,
            "id": 719
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "CryptImportKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebf0f0"
              }
            ],
            "repeated": 0,
            "id": 720
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "CryptExportKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebf110"
              }
            ],
            "repeated": 0,
            "id": 721
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "CryptGenKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ec46f0"
              }
            ],
            "repeated": 0,
            "id": 722
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "CryptGetKeyParam"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ed4820"
              }
            ],
            "repeated": 0,
            "id": 723
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "CryptDestroyKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebf4a0"
              }
            ],
            "repeated": 0,
            "id": 724
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "CryptVerifySignatureA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ed49a0"
              }
            ],
            "repeated": 0,
            "id": 725
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "CryptSignHashA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ed4960"
              }
            ],
            "repeated": 0,
            "id": 726
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "CryptGetProvParam"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ed4840"
              }
            ],
            "repeated": 0,
            "id": 727
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "CryptGetUserKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ed4860"
              }
            ],
            "repeated": 0,
            "id": 728
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "CryptEnumProvidersA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ed47c0"
              }
            ],
            "repeated": 0,
            "id": 729
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7388680d",
            "parentcaller": "0x738869a8",
            "category": "registry",
            "api": "RegOpenKeyExA",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\StrongName"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\StrongName"
              }
            ],
            "repeated": 0,
            "id": 730
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74160000"
              }
            ],
            "repeated": 0,
            "id": 731
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x74160000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "mscoree.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 732
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74160000"
              },
              {
                "name": "FunctionName",
                "value": "GetMetaDataInternalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74173190"
              }
            ],
            "repeated": 0,
            "id": 733
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "GetMetaDataInternalInterface_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 734
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "GetMetaDataInternalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73e40220"
              }
            ],
            "repeated": 0,
            "id": 735
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726978d",
            "parentcaller": "0x76acf564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x737e0000"
              },
              {
                "name": "FunctionName",
                "value": "GetMetaDataInternalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73847f3b"
              }
            ],
            "repeated": 0,
            "id": 736
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x77270c75",
            "parentcaller": "0x738472ac",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00033000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 737
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x73913dfd",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 738
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x73913e09",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003ac"
              }
            ],
            "repeated": 0,
            "id": 739
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x772627d9",
            "parentcaller": "0x77262732",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 740
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x772627d9",
            "parentcaller": "0x77262732",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              },
              {
                "name": "Milliseconds",
                "value": "3000"
              }
            ],
            "repeated": 0,
            "id": 741
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x77265900",
            "parentcaller": "0x738d1083",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 742
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion\\PublisherPolicy\\Default"
              },
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default"
              }
            ],
            "repeated": 0,
            "id": 743
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x738d4e9e",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Data",
                "value": "5"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\Latest"
              }
            ],
            "repeated": 0,
            "id": 744
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\pubpol5.dat"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 745
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "ValueName",
                "value": "index5"
              },
              {
                "name": "Data",
                "value": "\\x1f"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\index5"
              }
            ],
            "repeated": 0,
            "id": 746
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x738d4f8b",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              },
              {
                "name": "ValueName",
                "value": "LegacyPolicyTimeStamp"
              },
              {
                "name": "Data",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\LegacyPolicyTimeStamp"
              }
            ],
            "repeated": 0,
            "id": 747
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x77277bae",
            "parentcaller": "0x73910d86",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC\\PublisherPolicy.tme"
              }
            ],
            "repeated": 0,
            "id": 748
          },
          {
            "timestamp": "2026-04-27 21:05:21,041",
            "thread_id": "6700",
            "caller": "0x77277bae",
            "parentcaller": "0x73910d86",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
              }
            ],
            "repeated": 0,
            "id": 749
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 750
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ab5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 751
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x7726249c",
            "parentcaller": "0x738d51e0",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-8\"?><!--\r\n    Please refer to machine.config.comments for a description and\r\n    the default values of each configuration section.\r\n\r\n    For a full documentation of the schema please refer to\r\n    http://go.microsoft.com/"
              },
              {
                "name": "Length",
                "value": "4095"
              }
            ],
            "repeated": 0,
            "id": 752
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ab7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 753
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x7726249c",
            "parentcaller": "0x738d51e0",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "7a5c561934e089\">\r\n            <section name=\"schemaImporterExtensions\" type=\"System.Xml.Serialization.Configuration.SchemaImporterExtensionsSection, System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n            <section name"
              },
              {
                "name": "Length",
                "value": "18712"
              }
            ],
            "repeated": 0,
            "id": 754
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x7726269a",
            "parentcaller": "0x738d5e06",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 755
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003b4"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.System.Windows.Forms__b77a5c561934e089"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Windows.Forms__b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 756
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "NI\\61e7e666\\c991064"
              },
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064"
              }
            ],
            "repeated": 0,
            "id": 757
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73841a80",
            "parentcaller": "0x7383dd78",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e"
              }
            ],
            "repeated": 0,
            "id": 758
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73841a80",
            "parentcaller": "0x7383dde9",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\"
              }
            ],
            "repeated": 0,
            "id": 759
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x7383de65",
            "parentcaller": "0x7383ded6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 760
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "NI\\61e7e666\\c991064\\e"
              },
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e"
              }
            ],
            "repeated": 0,
            "id": 761
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Windows.Forms,2.0.0.0,,b77a5c561934e089"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 762
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ConfigMask"
              },
              {
                "name": "Data",
                "value": "4361"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\ConfigMask"
              }
            ],
            "repeated": 0,
            "id": 763
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ConfigString"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\ConfigString"
              }
            ],
            "repeated": 0,
            "id": 764
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "MVID"
              },
              {
                "name": "Data",
                "value": "\\x19N\\x1e\\x92\\xbf\\xaeS\\x96\\x08e\\x18\\xc2\\xec\n\\x0ft"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\MVID"
              }
            ],
            "repeated": 0,
            "id": 765
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x7384b7d1",
            "parentcaller": "0x7384b8c2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 766
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "NI\\61e7e666\\c991064\\e"
              },
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e"
              }
            ],
            "repeated": 0,
            "id": 767
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "EvalationData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\EvalationData"
              }
            ],
            "repeated": 0,
            "id": 768
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\Status"
              }
            ],
            "repeated": 0,
            "id": 769
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ILDependencies"
              },
              {
                "name": "Data",
                "value": "@\\xce]G\\xb6\\xf9\\x10\\x19\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00W\\x8d\\xab\\x19t&\\xa3.\\x07\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xac\\xd6-\\xb7\\xf8\\xf1%\\x03\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\xd4KB\\xd5\\x04\\xc5\\x0c\\x06\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00~L\\xc0AT\\xf5Wz\\x1d\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc5Y\\xed<\\x00\\xa2\\x0bb\\x0e\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00d\\x10\\x99\\x0cX\\xb0\\xeb\\x7f\\x1e\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\ILDependencies"
              }
            ],
            "repeated": 0,
            "id": 770
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "NIDependencies"
              },
              {
                "name": "Data",
                "value": "\\xc68\\x19\\x18\\xc5\\xe2Py\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00O|\\xbc0O\\xfeP?\\x08\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x06\\xca<\\xc0\\xd4\\xc7m\\x0f\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\NIDependencies"
              }
            ],
            "repeated": 0,
            "id": 771
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "MissingDependencies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\MissingDependencies"
              }
            ],
            "repeated": 0,
            "id": 772
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x7384b7d1",
            "parentcaller": "0x7384b8c2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 773
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "IL\\475dce40\\1910f9b6\\2"
              },
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2"
              }
            ],
            "repeated": 0,
            "id": 774
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Security,2.0.0.0,,b03f5f7f11d50a3a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 775
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "4098"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2\\Status"
              }
            ],
            "repeated": 0,
            "id": 776
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2\\Modules"
              }
            ],
            "repeated": 0,
            "id": 777
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": "\\x08\\x03VdL\\xe0}B\\xb3\\x80\\x140i\\xbf^\\xfcT0=\\xdb\\xb5\\x9b\\x9b[1\\xba\\xbe\\xf8I\\x1e\n\\x06G\\xa7\\xbf "
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2\\SIG"
              }
            ],
            "repeated": 0,
            "id": 778
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "\\xa3k\\xc9@\\x07\\xac\\xdc\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 779
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x738c3118",
            "parentcaller": "0x738c2e31",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 780
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "IL\\19ab8d57\\2ea32674\\7"
              },
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7"
              }
            ],
            "repeated": 0,
            "id": 781
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Xml,2.0.0.0,,b77a5c561934e089"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 782
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "4098"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7\\Status"
              }
            ],
            "repeated": 0,
            "id": 783
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7\\Modules"
              }
            ],
            "repeated": 0,
            "id": 784
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": "\\xb2\\x1aNYhyhC\\xa1\\xe5\\x96\\xe9\\x9a\\xf9@\\xad\\x19-\\x99{\\x90v\\xc4\\xa3+&d\\x93s{\\x8e\\xce\\x92\\x18\\xc5\\xc6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7\\SIG"
              }
            ],
            "repeated": 0,
            "id": 785
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 786
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x738c3118",
            "parentcaller": "0x738c2e31",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 787
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "IL\\2dd6ac50\\25f1f8b7\\3"
              },
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3"
              }
            ],
            "repeated": 0,
            "id": 788
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "Accessibility,2.0.0.0,,b03f5f7f11d50a3a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 789
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "4098"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3\\Status"
              }
            ],
            "repeated": 0,
            "id": 790
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3\\Modules"
              }
            ],
            "repeated": 0,
            "id": 791
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": "z\\xb1\\xaa^\\x82\\x82\\x9bJ\\x84\\x94\\xe5%\\x92\\xf5P\r\\xd2\\xaf\\x11Z\\xf2&\\x19R\\x02V\\x821_\\\\xabW\\xeb\\xe8\\xb4\\xef"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3\\SIG"
              }
            ],
            "repeated": 0,
            "id": 792
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 793
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x738c3118",
            "parentcaller": "0x738c2e31",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 794
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "IL\\424bd4d8\\cc504d5\\6"
              },
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6"
              }
            ],
            "repeated": 0,
            "id": 795
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Configuration,2.0.0.0,,b03f5f7f11d50a3a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 796
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "4098"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6\\Status"
              }
            ],
            "repeated": 0,
            "id": 797
          },
          {
            "timestamp": "2026-04-27 21:05:21,057",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6\\Modules"
              }
            ],
            "repeated": 0,
            "id": 798
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": ";\\xf2\\x93\\x1d\\xca\\xffYI\\xab\\xdc&X\\x07\\xe4$-!M\\xd0D\\x87\\xd2\\xcbu\\xd7)\\x06\\xd2\\xf2\\x1b\\x07\n{\\xefi\\xab"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6\\SIG"
              }
            ],
            "repeated": 0,
            "id": 799
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "Zk\\xb2'\\x07\\xac\\xdc\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 800
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x738c3118",
            "parentcaller": "0x738c2e31",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 801
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "IL\\41c04c7e\\7a57f554\\1d"
              },
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d"
              }
            ],
            "repeated": 0,
            "id": 802
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 803
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "4098"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d\\Status"
              }
            ],
            "repeated": 0,
            "id": 804
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d\\Modules"
              }
            ],
            "repeated": 0,
            "id": 805
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": "P\\xd0O\\xcbR]\\x90@\\x85\\x86M\\x87\\x82\r\\xa8\\xdd~\\x17\\xf4\\xe2\\x84\\xca\\x8c\\xfd-\\xacs\\xce\\xf7 \\xc3/\\xb3\\xcft\\xbf"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d\\SIG"
              }
            ],
            "repeated": 0,
            "id": 806
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 807
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x738c3118",
            "parentcaller": "0x738c2e31",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 808
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "IL\\3ced59c5\\620ba200\\e"
              },
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e"
              }
            ],
            "repeated": 0,
            "id": 809
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Deployment,2.0.0.0,,b03f5f7f11d50a3a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 810
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "4098"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e\\Status"
              }
            ],
            "repeated": 0,
            "id": 811
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e\\Modules"
              }
            ],
            "repeated": 0,
            "id": 812
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": "\\xe1\\x8a\\xf5\\x0e\\xe2q\\x8bN\\x97\nB#\\x17\\x8a\\xe6\\xf3\\xe4i\\x1a\\xeeJVa\\\\xcb\\x0ff)\\x08UQ\\x86\\x80E\\x08\\x1a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e\\SIG"
              }
            ],
            "repeated": 0,
            "id": 813
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 814
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x738c3118",
            "parentcaller": "0x738c2e31",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 815
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "IL\\c991064\\7febb058\\1e"
              },
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e"
              }
            ],
            "repeated": 0,
            "id": 816
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Windows.Forms,2.0.0.0,,b77a5c561934e089"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 817
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "4098"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e\\Status"
              }
            ],
            "repeated": 0,
            "id": 818
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e\\Modules"
              }
            ],
            "repeated": 0,
            "id": 819
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": "\\x84\\xda\\xb9\\xe2\\xe1\\5I\\x8c\\xe5a\\xb1\\xb8\\x91\\xd5\\xf7\\xeeKz\\x06#R\\x17\\xc9\\xbf0\\xed\\xbb\\x91p\\x9a#Zk@\\xd5"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e\\SIG"
              }
            ],
            "repeated": 0,
            "id": 820
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 821
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x738c3118",
            "parentcaller": "0x738c2e31",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 822
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "NI\\30bc7c4f\\3f50fe4f\\8"
              },
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8"
              }
            ],
            "repeated": 0,
            "id": 823
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System,2.0.0.0,,b77a5c561934e089"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 824
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ConfigMask"
              },
              {
                "name": "Data",
                "value": "4361"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\ConfigMask"
              }
            ],
            "repeated": 0,
            "id": 825
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ConfigString"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\ConfigString"
              }
            ],
            "repeated": 0,
            "id": 826
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "MVID"
              },
              {
                "name": "Data",
                "value": "\\xc6\r\\xd1\\xee\\x84;\\xa8\\xff\\x9e\\xe7\\xed\\xcdc\\x029;"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\MVID"
              }
            ],
            "repeated": 0,
            "id": 827
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "EvalationData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\EvalationData"
              }
            ],
            "repeated": 0,
            "id": 828
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\Status"
              }
            ],
            "repeated": 0,
            "id": 829
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ILDependencies"
              },
              {
                "name": "Data",
                "value": "\\xd8\\xd4KB\\xd5\\x04\\xc5\\x0c\\x06\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00W\\x8d\\xab\\x19t&\\xa3.\\x07\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00O\\xfeP?\\xe6\\xad\\xb2G\\x08\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\ILDependencies"
              }
            ],
            "repeated": 0,
            "id": 830
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "NIDependencies"
              },
              {
                "name": "Data",
                "value": "\\xc68\\x19\\x18\\xc5\\xe2Py\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\NIDependencies"
              }
            ],
            "repeated": 0,
            "id": 831
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "MissingDependencies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\MissingDependencies"
              }
            ],
            "repeated": 0,
            "id": 832
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x7384b7d1",
            "parentcaller": "0x7384b8c2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 833
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "IL\\3f50fe4f\\47b2ade6\\8"
              },
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8"
              }
            ],
            "repeated": 0,
            "id": 834
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System,2.0.0.0,,b77a5c561934e089"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 835
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "4098"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8\\Status"
              }
            ],
            "repeated": 0,
            "id": 836
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8\\Modules"
              }
            ],
            "repeated": 0,
            "id": 837
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": "\\xd40\\\\x82\\xcf\\xa4LF\\xb7\\xeb\\xb8\\x14XT\\xd1\\xf81\\x82\\x8d\\xfa\\x12E\\x8d}\\x7f\\x90'\\xf5\\xa5\\x82\\xdb\\x0c\\x14c\\x12\\x1a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8\\SIG"
              }
            ],
            "repeated": 0,
            "id": 838
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 839
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x738c3118",
            "parentcaller": "0x738c2e31",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 840
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "NI\\3cca06a0\\6dc7d4c0\\f"
              },
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f"
              }
            ],
            "repeated": 0,
            "id": 841
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Drawing,2.0.0.0,,b03f5f7f11d50a3a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 842
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ConfigMask"
              },
              {
                "name": "Data",
                "value": "4361"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\ConfigMask"
              }
            ],
            "repeated": 0,
            "id": 843
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ConfigString"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\ConfigString"
              }
            ],
            "repeated": 0,
            "id": 844
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "MVID"
              },
              {
                "name": "Data",
                "value": "\\xa0=\\xd8\\x87\\x19)\\x95\\h\\x022h,\\x94d\\xa0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\MVID"
              }
            ],
            "repeated": 0,
            "id": 845
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "EvalationData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\EvalationData"
              }
            ],
            "repeated": 0,
            "id": 846
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\Status"
              }
            ],
            "repeated": 0,
            "id": 847
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "ILDependencies"
              },
              {
                "name": "Data",
                "value": "\\xc0\\xd4\\xc7m\\x16\\x96\\x94$\\x10\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\ILDependencies"
              }
            ],
            "repeated": 0,
            "id": 848
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "NIDependencies"
              },
              {
                "name": "Data",
                "value": "\\xc68\\x19\\x18\\xc5\\xe2Py\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00O|\\xbc0O\\xfeP?\\x08\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\NIDependencies"
              }
            ],
            "repeated": 0,
            "id": 849
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "MissingDependencies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\MissingDependencies"
              }
            ],
            "repeated": 0,
            "id": 850
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x7384b7d1",
            "parentcaller": "0x7384b8c2",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 851
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "IL\\6dc7d4c0\\24949616\\10"
              },
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10"
              }
            ],
            "repeated": 0,
            "id": 852
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Drawing,2.0.0.0,,b03f5f7f11d50a3a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 853
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "4098"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10\\Status"
              }
            ],
            "repeated": 0,
            "id": 854
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10\\Modules"
              }
            ],
            "repeated": 0,
            "id": 855
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": "\\x7fX\\xbb\\xfa\\x0e\\xf2\\xcbD\\x91\\xf4^\\x19\\xf6\r\r\\x0c\\xab\\x0eq\\xfcgB\\x12\\xe3\\xe8\\xe5\\x99Q\\x80\\xb8\\x0bu\\xdc\\x16\\x14?"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10\\SIG"
              }
            ],
            "repeated": 0,
            "id": 856
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7384b3c2",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 857
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x738c3118",
            "parentcaller": "0x738c2e31",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 858
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7388422f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL"
              }
            ],
            "repeated": 0,
            "id": 859
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003b4"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.System.Drawing__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Drawing__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 860
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7388422f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              }
            ],
            "repeated": 0,
            "id": 861
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003b4"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.System__b77a5c561934e089"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System__b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 862
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7388422f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "System,2.0.0.0,,b77a5c561934e089,MSIL"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System,2.0.0.0,,b77a5c561934e089,MSIL"
              }
            ],
            "repeated": 0,
            "id": 863
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003b4"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.System.Xml__b77a5c561934e089"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Xml__b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 864
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7388422f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "System.Xml,2.0.0.0,,b77a5c561934e089,MSIL"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL"
              }
            ],
            "repeated": 0,
            "id": 865
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003b4"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.System.Configuration__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Configuration__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 866
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7388422f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              },
              {
                "name": "Data",
                "value": "Zk\\xb2'\\x07\\xac\\xdc\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              }
            ],
            "repeated": 0,
            "id": 867
          },
          {
            "timestamp": "2026-04-27 21:05:21,072",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 868
          },
          {
            "timestamp": "2026-04-27 21:05:21,525",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\c60dd1ee843ba8ff9ee7edcd6302393b\\System.ni"
              },
              {
                "name": "DllBase",
                "value": "0x72490000"
              }
            ],
            "repeated": 0,
            "id": 869
          },
          {
            "timestamp": "2026-04-27 21:05:21,541",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\c60dd1ee843ba8ff9ee7edcd6302393b\\System.ni.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x72490000"
              }
            ],
            "repeated": 0,
            "id": 870
          },
          {
            "timestamp": "2026-04-27 21:05:21,541",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x72490000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\c60dd1ee843ba8ff9ee7edcd6302393b\\System.ni.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 871
          },
          {
            "timestamp": "2026-04-27 21:05:21,603",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 872
          },
          {
            "timestamp": "2026-04-27 21:05:22,057",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Drawing\\a03dd8871929955c680232682c9464a0\\System.Drawing.ni"
              },
              {
                "name": "DllBase",
                "value": "0x72300000"
              }
            ],
            "repeated": 0,
            "id": 873
          },
          {
            "timestamp": "2026-04-27 21:05:22,072",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Drawing\\a03dd8871929955c680232682c9464a0\\System.Drawing.ni.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x72300000"
              }
            ],
            "repeated": 0,
            "id": 874
          },
          {
            "timestamp": "2026-04-27 21:05:22,072",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x72300000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Drawing\\a03dd8871929955c680232682c9464a0\\System.Drawing.ni.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 875
          },
          {
            "timestamp": "2026-04-27 21:05:22,119",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003b4"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.System.Deployment__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Deployment__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 876
          },
          {
            "timestamp": "2026-04-27 21:05:22,119",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7388422f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              }
            ],
            "repeated": 0,
            "id": 877
          },
          {
            "timestamp": "2026-04-27 21:05:22,119",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003b4"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 878
          },
          {
            "timestamp": "2026-04-27 21:05:22,119",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7388422f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              }
            ],
            "repeated": 0,
            "id": 879
          },
          {
            "timestamp": "2026-04-27 21:05:22,119",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003b4"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.Accessibility__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.Accessibility__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 880
          },
          {
            "timestamp": "2026-04-27 21:05:22,119",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7388422f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              },
              {
                "name": "Data",
                "value": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              }
            ],
            "repeated": 0,
            "id": 881
          },
          {
            "timestamp": "2026-04-27 21:05:22,119",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x7383d9eb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003b4"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.System.Security__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Security__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 882
          },
          {
            "timestamp": "2026-04-27 21:05:22,119",
            "thread_id": "6700",
            "caller": "0x73832c2e",
            "parentcaller": "0x7388422f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              },
              {
                "name": "Data",
                "value": "\\xa3k\\xc9@\\x07\\xac\\xdc\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL"
              }
            ],
            "repeated": 0,
            "id": 883
          },
          {
            "timestamp": "2026-04-27 21:05:22,119",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 884
          },
          {
            "timestamp": "2026-04-27 21:05:22,338",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Windows.Forms\\194e1e92bfae5396086518c2ec0a0f74\\System.Windows.Forms.ni"
              },
              {
                "name": "DllBase",
                "value": "0x71720000"
              }
            ],
            "repeated": 0,
            "id": 885
          },
          {
            "timestamp": "2026-04-27 21:05:22,338",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Windows.Forms\\194e1e92bfae5396086518c2ec0a0f74\\System.Windows.Forms.ni.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x71720000"
              }
            ],
            "repeated": 0,
            "id": 886
          },
          {
            "timestamp": "2026-04-27 21:05:22,338",
            "thread_id": "6700",
            "caller": "0x77261d96",
            "parentcaller": "0x73857f86",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x71720000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Windows.Forms\\194e1e92bfae5396086518c2ec0a0f74\\System.Windows.Forms.ni.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 887
          },
          {
            "timestamp": "2026-04-27 21:05:22,353",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 888
          },
          {
            "timestamp": "2026-04-27 21:05:22,353",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x738817cb",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "MSCORWKS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x737e0000"
              }
            ],
            "repeated": 0,
            "id": 889
          },
          {
            "timestamp": "2026-04-27 21:05:22,353",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x738817cb",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscorjit.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x007de15c"
              }
            ],
            "repeated": 0,
            "id": 890
          },
          {
            "timestamp": "2026-04-27 21:05:22,369",
            "thread_id": "6700",
            "caller": "0x77264566",
            "parentcaller": "0x7383bded",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.INI"
              }
            ],
            "repeated": 0,
            "id": 891
          },
          {
            "timestamp": "2026-04-27 21:05:22,369",
            "thread_id": "6700",
            "caller": "0x738fbaa0",
            "parentcaller": "0x738b635b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\Policy\\APTCA"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\APTCA"
              }
            ],
            "repeated": 0,
            "id": 892
          },
          {
            "timestamp": "2026-04-27 21:05:22,447",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00abc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 893
          },
          {
            "timestamp": "2026-04-27 21:05:22,463",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00abd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 894
          },
          {
            "timestamp": "2026-04-27 21:05:22,463",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00abe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 895
          },
          {
            "timestamp": "2026-04-27 21:05:22,463",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 896
          },
          {
            "timestamp": "2026-04-27 21:05:22,463",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x738817cb",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "MSCORWKS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x737e0000"
              }
            ],
            "repeated": 0,
            "id": 897
          },
          {
            "timestamp": "2026-04-27 21:05:22,463",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x738817cb",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscorjit.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x007ddee8"
              }
            ],
            "repeated": 0,
            "id": 898
          },
          {
            "timestamp": "2026-04-27 21:05:22,478",
            "thread_id": "6700",
            "caller": "0x77264566",
            "parentcaller": "0x7383bded",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.INI"
              }
            ],
            "repeated": 0,
            "id": 899
          },
          {
            "timestamp": "2026-04-27 21:05:22,557",
            "thread_id": "6700",
            "caller": "0x76ad1e6a",
            "parentcaller": "0x7383a7ab",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 900
          },
          {
            "timestamp": "2026-04-27 21:05:22,557",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x738817cb",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "MSCORWKS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x737e0000"
              }
            ],
            "repeated": 0,
            "id": 901
          },
          {
            "timestamp": "2026-04-27 21:05:22,557",
            "thread_id": "6700",
            "caller": "0x7726074f",
            "parentcaller": "0x738817cb",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscorjit.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x007ddee8"
              }
            ],
            "repeated": 0,
            "id": 902
          },
          {
            "timestamp": "2026-04-27 21:05:22,557",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02924000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 903
          },
          {
            "timestamp": "2026-04-27 21:05:22,557",
            "thread_id": "6700",
            "caller": "0x77264566",
            "parentcaller": "0x7383bded",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Drawing\\2.0.0.0__b03f5f7f11d50a3a\\System.Drawing.INI"
              }
            ],
            "repeated": 0,
            "id": 904
          },
          {
            "timestamp": "2026-04-27 21:05:22,666",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02925000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 905
          },
          {
            "timestamp": "2026-04-27 21:05:22,682",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ac0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 906
          },
          {
            "timestamp": "2026-04-27 21:05:22,697",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ac2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 907
          },
          {
            "timestamp": "2026-04-27 21:05:22,697",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ac5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 908
          },
          {
            "timestamp": "2026-04-27 21:05:22,697",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02926000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 909
          },
          {
            "timestamp": "2026-04-27 21:05:22,697",
            "thread_id": "6700",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0292c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 910
          },
          {
            "timestamp": "2026-04-27 21:05:22,807",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "6700"
              },
              {
                "name": "Module",
                "value": "KERNEL32.dll"
              },
              {
                "name": "Return Address",
                "value": "0x76ad24ac"
              }
            ],
            "repeated": 0,
            "id": 911
          },
          {
            "timestamp": "2026-04-27 21:05:22,885",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorjit"
              },
              {
                "name": "DllBase",
                "value": "0x716c0000"
              }
            ],
            "repeated": 0,
            "id": 912
          },
          {
            "timestamp": "2026-04-27 21:05:22,994",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorjit.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x716c0000"
              }
            ],
            "repeated": 0,
            "id": 913
          },
          {
            "timestamp": "2026-04-27 21:05:22,994",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x716c0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorjit.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 914
          },
          {
            "timestamp": "2026-04-27 21:05:22,994",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscorjit.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x716c0000"
              },
              {
                "name": "FunctionName",
                "value": "getJit"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x717093fe"
              }
            ],
            "repeated": 0,
            "id": 915
          },
          {
            "timestamp": "2026-04-27 21:05:22,994",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 916
          },
          {
            "timestamp": "2026-04-27 21:05:22,994",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "IsWow64Process"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad06e0"
              }
            ],
            "repeated": 0,
            "id": 917
          },
          {
            "timestamp": "2026-04-27 21:05:23,010",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04150000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 918
          },
          {
            "timestamp": "2026-04-27 21:05:23,135",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 919
          },
          {
            "timestamp": "2026-04-27 21:05:23,182",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003b4"
              },
              {
                "name": "SubKey",
                "value": "policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 920
          },
          {
            "timestamp": "2026-04-27 21:05:23,182",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "NI\\1c22df2f\\4f99a7c9"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\1c22df2f\\4f99a7c9"
              }
            ],
            "repeated": 0,
            "id": 921
          },
          {
            "timestamp": "2026-04-27 21:05:23,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_32\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 922
          },
          {
            "timestamp": "2026-04-27 21:05:23,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 923
          },
          {
            "timestamp": "2026-04-27 21:05:23,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              }
            ],
            "repeated": 0,
            "id": 924
          },
          {
            "timestamp": "2026-04-27 21:05:23,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 925
          },
          {
            "timestamp": "2026-04-27 21:05:23,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 926
          },
          {
            "timestamp": "2026-04-27 21:05:23,322",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000003bc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              }
            ],
            "repeated": 0,
            "id": 927
          },
          {
            "timestamp": "2026-04-27 21:05:23,322",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07660000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007dad50"
              },
              {
                "name": "ViewSize",
                "value": "0x000a6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 928
          },
          {
            "timestamp": "2026-04-27 21:05:23,322",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07710000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007dad50"
              },
              {
                "name": "ViewSize",
                "value": "0x000a6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 929
          },
          {
            "timestamp": "2026-04-27 21:05:23,322",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 930
          },
          {
            "timestamp": "2026-04-27 21:05:23,588",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 931
          },
          {
            "timestamp": "2026-04-27 21:05:23,588",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.INI"
              }
            ],
            "repeated": 0,
            "id": 932
          },
          {
            "timestamp": "2026-04-27 21:05:23,713",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04132000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 933
          },
          {
            "timestamp": "2026-04-27 21:05:23,713",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04138000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 934
          },
          {
            "timestamp": "2026-04-27 21:05:23,728",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02927000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 935
          },
          {
            "timestamp": "2026-04-27 21:05:23,775",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04139000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 936
          },
          {
            "timestamp": "2026-04-27 21:05:23,822",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 937
          },
          {
            "timestamp": "2026-04-27 21:05:23,822",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 938
          },
          {
            "timestamp": "2026-04-27 21:05:23,822",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 939
          },
          {
            "timestamp": "2026-04-27 21:05:23,822",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000002"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x07660000"
              }
            ],
            "repeated": 0,
            "id": 940
          },
          {
            "timestamp": "2026-04-27 21:05:23,822",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x07660000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000009"
              }
            ],
            "repeated": 0,
            "id": 941
          },
          {
            "timestamp": "2026-04-27 21:05:23,822",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 942
          },
          {
            "timestamp": "2026-04-27 21:05:23,885",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ac8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 943
          },
          {
            "timestamp": "2026-04-27 21:05:24,057",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 944
          },
          {
            "timestamp": "2026-04-27 21:05:24,072",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 945
          },
          {
            "timestamp": "2026-04-27 21:05:24,072",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0413a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 946
          },
          {
            "timestamp": "2026-04-27 21:05:24,072",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 947
          },
          {
            "timestamp": "2026-04-27 21:05:24,072",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0088",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 948
          },
          {
            "timestamp": "2026-04-27 21:05:24,072",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0088",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 949
          },
          {
            "timestamp": "2026-04-27 21:05:24,072",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0088",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 950
          },
          {
            "timestamp": "2026-04-27 21:05:24,072",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0088",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 951
          },
          {
            "timestamp": "2026-04-27 21:05:24,072",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0191",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 952
          },
          {
            "timestamp": "2026-04-27 21:05:24,291",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0191",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 953
          },
          {
            "timestamp": "2026-04-27 21:05:24,432",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e02c1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 954
          },
          {
            "timestamp": "2026-04-27 21:05:24,744",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e02c1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\VERSION.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 955
          },
          {
            "timestamp": "2026-04-27 21:05:24,744",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e02c1",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\VERSION.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 956
          },
          {
            "timestamp": "2026-04-27 21:05:24,744",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e02c1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "VERSION.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75460000"
              }
            ],
            "repeated": 0,
            "id": 957
          },
          {
            "timestamp": "2026-04-27 21:05:24,744",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e02c1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75460000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileVersionInfoSizeW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x754615c0"
              }
            ],
            "repeated": 0,
            "id": 958
          },
          {
            "timestamp": "2026-04-27 21:05:24,807",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e02c1",
            "category": "filesystem",
            "api": "GetFileVersionInfoSizeW",
            "status": true,
            "return": "0x000007a4",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              }
            ],
            "repeated": 0,
            "id": 959
          },
          {
            "timestamp": "2026-04-27 21:05:24,822",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e02c1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75460000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileVersionInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x754615e0"
              }
            ],
            "repeated": 0,
            "id": 960
          },
          {
            "timestamp": "2026-04-27 21:05:24,822",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e02c1",
            "category": "filesystem",
            "api": "GetFileVersionInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              }
            ],
            "repeated": 0,
            "id": 961
          },
          {
            "timestamp": "2026-04-27 21:05:24,822",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e02c1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75460000"
              },
              {
                "name": "FunctionName",
                "value": "VerQueryValueW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75461560"
              }
            ],
            "repeated": 0,
            "id": 962
          },
          {
            "timestamp": "2026-04-27 21:05:24,916",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e02c1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02928000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 963
          },
          {
            "timestamp": "2026-04-27 21:05:25,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e02c1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 964
          },
          {
            "timestamp": "2026-04-27 21:05:25,275",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e02c1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 965
          },
          {
            "timestamp": "2026-04-27 21:05:25,275",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e02c1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 966
          },
          {
            "timestamp": "2026-04-27 21:05:26,166",
            "thread_id": "6700",
            "caller": "0x051e03f6",
            "parentcaller": "0x051e02c1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7f6c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00050000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 967
          },
          {
            "timestamp": "2026-04-27 21:05:26,166",
            "thread_id": "6700",
            "caller": "0x051e03f6",
            "parentcaller": "0x051e02c1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7f6c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 1,
            "id": 968
          },
          {
            "timestamp": "2026-04-27 21:05:26,603",
            "thread_id": "6700",
            "caller": "0x051e03f6",
            "parentcaller": "0x051e02c1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7f6b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 969
          },
          {
            "timestamp": "2026-04-27 21:05:26,619",
            "thread_id": "6700",
            "caller": "0x051e03f6",
            "parentcaller": "0x051e02c1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7f6b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 970
          },
          {
            "timestamp": "2026-04-27 21:05:28,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02902420",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0407a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 971
          },
          {
            "timestamp": "2026-04-27 21:05:28,369",
            "thread_id": "6700",
            "caller": "0x02902420",
            "parentcaller": "0x051e03f6",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 972
          },
          {
            "timestamp": "2026-04-27 21:05:28,369",
            "thread_id": "6700",
            "caller": "0x02902420",
            "parentcaller": "0x051e03f6",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\ru-ru.nlp"
              }
            ],
            "repeated": 0,
            "id": 973
          },
          {
            "timestamp": "2026-04-27 21:05:28,369",
            "thread_id": "6700",
            "caller": "0x02902420",
            "parentcaller": "0x051e03f6",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 974
          },
          {
            "timestamp": "2026-04-27 21:05:28,369",
            "thread_id": "6700",
            "caller": "0x02902420",
            "parentcaller": "0x051e03f6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserDefaultUILanguage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad1f60"
              }
            ],
            "repeated": 0,
            "id": 975
          },
          {
            "timestamp": "2026-04-27 21:05:28,385",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e03f6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00acb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 976
          },
          {
            "timestamp": "2026-04-27 21:05:29,697",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 977
          },
          {
            "timestamp": "2026-04-27 21:05:29,885",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x77e40000"
              }
            ],
            "repeated": 0,
            "id": 978
          },
          {
            "timestamp": "2026-04-27 21:05:29,885",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x77e40000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ntdll.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 979
          },
          {
            "timestamp": "2026-04-27 21:05:29,885",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "NtQuerySystemInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77eb2df0"
              }
            ],
            "repeated": 0,
            "id": 980
          },
          {
            "timestamp": "2026-04-27 21:05:29,885",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "206"
              }
            ],
            "repeated": 0,
            "id": 981
          },
          {
            "timestamp": "2026-04-27 21:05:29,963",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 982
          },
          {
            "timestamp": "2026-04-27 21:05:30,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02902420",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "user32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75d10000"
              }
            ],
            "repeated": 0,
            "id": 983
          },
          {
            "timestamp": "2026-04-27 21:05:30,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02902420",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75d10000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "user32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 984
          },
          {
            "timestamp": "2026-04-27 21:05:30,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02902420",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterWindowMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 985
          },
          {
            "timestamp": "2026-04-27 21:05:30,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02902420",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterWindowMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d4f550"
              }
            ],
            "repeated": 0,
            "id": 986
          },
          {
            "timestamp": "2026-04-27 21:05:30,947",
            "thread_id": "6700",
            "caller": "0x051e05d6",
            "parentcaller": "0x051e03f6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemMetrics"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d44920"
              }
            ],
            "repeated": 0,
            "id": 987
          },
          {
            "timestamp": "2026-04-27 21:05:30,994",
            "thread_id": "6700",
            "caller": "0x051e05d6",
            "parentcaller": "0x051e03f6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0293a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 988
          },
          {
            "timestamp": "2026-04-27 21:05:31,010",
            "thread_id": "6700",
            "caller": "0x051e05d6",
            "parentcaller": "0x051e03f6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02937000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 989
          },
          {
            "timestamp": "2026-04-27 21:05:31,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e05d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "AdjustWindowRectEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d3d860"
              }
            ],
            "repeated": 0,
            "id": 990
          },
          {
            "timestamp": "2026-04-27 21:05:31,510",
            "thread_id": "6700",
            "caller": "0x051e05d6",
            "parentcaller": "0x051e03f6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad2e80"
              }
            ],
            "repeated": 0,
            "id": 991
          },
          {
            "timestamp": "2026-04-27 21:05:31,510",
            "thread_id": "6700",
            "caller": "0x051e05d6",
            "parentcaller": "0x051e03f6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentThread"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ace7b0"
              }
            ],
            "repeated": 0,
            "id": 992
          },
          {
            "timestamp": "2026-04-27 21:05:31,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e05d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "DuplicateHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad2ef0"
              }
            ],
            "repeated": 0,
            "id": 993
          },
          {
            "timestamp": "2026-04-27 21:05:31,510",
            "thread_id": "6700",
            "caller": "0x0290a58c",
            "parentcaller": "0x051e05d6",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000003c4"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 994
          },
          {
            "timestamp": "2026-04-27 21:05:31,510",
            "thread_id": "6700",
            "caller": "0x051e05d6",
            "parentcaller": "0x051e03f6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentThreadId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76acdf10"
              }
            ],
            "repeated": 0,
            "id": 995
          },
          {
            "timestamp": "2026-04-27 21:05:31,510",
            "thread_id": "6700",
            "caller": "0x051e05d6",
            "parentcaller": "0x051e03f6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02932000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 996
          },
          {
            "timestamp": "2026-04-27 21:05:31,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02902420",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "lstrlen"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad0440"
              }
            ],
            "repeated": 0,
            "id": 997
          },
          {
            "timestamp": "2026-04-27 21:05:31,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02902420",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "lstrlenW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ace0b0"
              }
            ],
            "repeated": 0,
            "id": 998
          },
          {
            "timestamp": "2026-04-27 21:05:31,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e05d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 999
          },
          {
            "timestamp": "2026-04-27 21:05:31,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e05d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleHandleW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad0e50"
              }
            ],
            "repeated": 0,
            "id": 1000
          },
          {
            "timestamp": "2026-04-27 21:05:31,510",
            "thread_id": "6700",
            "caller": "0x0290a2ee",
            "parentcaller": "0x051e05d6",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "user32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              }
            ],
            "repeated": 0,
            "id": 1001
          },
          {
            "timestamp": "2026-04-27 21:05:31,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e05d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcAddress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76acf550"
              }
            ],
            "repeated": 0,
            "id": 1002
          },
          {
            "timestamp": "2026-04-27 21:05:31,510",
            "thread_id": "6700",
            "caller": "0x0290a718",
            "parentcaller": "0x051e05d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "DefWindowProcW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77ec7fa0"
              }
            ],
            "repeated": 0,
            "id": 1003
          },
          {
            "timestamp": "2026-04-27 21:05:31,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e05d6",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76a80000"
              }
            ],
            "repeated": 0,
            "id": 1004
          },
          {
            "timestamp": "2026-04-27 21:05:31,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e05d6",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76a80000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "gdi32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1005
          },
          {
            "timestamp": "2026-04-27 21:05:31,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e05d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76a80000"
              },
              {
                "name": "FunctionName",
                "value": "GetStockObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76a85e50"
              }
            ],
            "repeated": 0,
            "id": 1006
          },
          {
            "timestamp": "2026-04-27 21:05:31,510",
            "thread_id": "6700",
            "caller": "0x051e05d6",
            "parentcaller": "0x051e03f6",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 2,
            "id": 1007
          },
          {
            "timestamp": "2026-04-27 21:05:31,635",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e05d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClass"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1008
          },
          {
            "timestamp": "2026-04-27 21:05:31,635",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e05d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClassW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d3f1d0"
              }
            ],
            "repeated": 0,
            "id": 1009
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x0290a10e",
            "parentcaller": "0x051e05d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77060000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77c57f90"
              }
            ],
            "repeated": 0,
            "id": 1010
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x0290a129",
            "parentcaller": "0x051e05d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77060000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77c583b0"
              }
            ],
            "repeated": 0,
            "id": 1011
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e05d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "CreateWindowEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1012
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e05d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "CreateWindowExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d3f220"
              }
            ],
            "repeated": 0,
            "id": 1013
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "SetWindowLong"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1014
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "SetWindowLongW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d45420"
              }
            ],
            "repeated": 0,
            "id": 1015
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowLong"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1016
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowLongW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d48510"
              }
            ],
            "repeated": 0,
            "id": 1017
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04082000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1018
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x029023e7",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "advapi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76ea0000"
              }
            ],
            "repeated": 0,
            "id": 1019
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x029023e7",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76ea0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "advapi32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1020
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x029023e7",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegCloseKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebeb20"
              }
            ],
            "repeated": 0,
            "id": 1021
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegOpenKeyEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1022
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegOpenKeyExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebe9b0"
              }
            ],
            "repeated": 0,
            "id": 1023
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x0290aab3",
            "parentcaller": "0x029108ec",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x000003b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 1024
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1025
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebe8e0"
              }
            ],
            "repeated": 0,
            "id": 1026
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x0290abb6",
            "parentcaller": "0x029108ec",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              },
              {
                "name": "ValueName",
                "value": "DbgJITDebugLaunchSetting"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DbgJITDebugLaunchSetting"
              }
            ],
            "repeated": 0,
            "id": 1027
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x0290abb6",
            "parentcaller": "0x029108ec",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              },
              {
                "name": "ValueName",
                "value": "DbgManagedDebugger"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DbgManagedDebugger"
              }
            ],
            "repeated": 0,
            "id": 1028
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 1029
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "SetWindowLong"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1030
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "SetWindowLongW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d45420"
              }
            ],
            "repeated": 0,
            "id": 1031
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "CallWindowProc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1032
          },
          {
            "timestamp": "2026-04-27 21:05:31,963",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "CallWindowProcW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d453f0"
              }
            ],
            "repeated": 0,
            "id": 1033
          },
          {
            "timestamp": "2026-04-27 21:05:31,978",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetClientRect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d44cc0"
              }
            ],
            "repeated": 0,
            "id": 1034
          },
          {
            "timestamp": "2026-04-27 21:05:31,978",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowRect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d44a40"
              }
            ],
            "repeated": 0,
            "id": 1035
          },
          {
            "timestamp": "2026-04-27 21:05:31,978",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e05d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetParent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d47310"
              }
            ],
            "repeated": 0,
            "id": 1036
          },
          {
            "timestamp": "2026-04-27 21:05:32,463",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0623",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1037
          },
          {
            "timestamp": "2026-04-27 21:05:32,463",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0623",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\uxtheme.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 1038
          },
          {
            "timestamp": "2026-04-27 21:05:32,463",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0623",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x745d0000"
              }
            ],
            "repeated": 0,
            "id": 1039
          },
          {
            "timestamp": "2026-04-27 21:05:32,463",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0623",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x745d0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "uxtheme.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1040
          },
          {
            "timestamp": "2026-04-27 21:05:32,463",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0623",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x745d0000"
              },
              {
                "name": "FunctionName",
                "value": "IsAppThemed"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x745fc880"
              }
            ],
            "repeated": 0,
            "id": 1041
          },
          {
            "timestamp": "2026-04-27 21:05:32,463",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0623",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x745d0000"
              },
              {
                "name": "FunctionName",
                "value": "IsAppThemedW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1042
          },
          {
            "timestamp": "2026-04-27 21:05:32,463",
            "thread_id": "6700",
            "caller": "0x051e0623",
            "parentcaller": "0x051e03f6",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Sessions\\1\\Windows\\ThemeSection"
              }
            ],
            "repeated": 0,
            "id": 1043
          },
          {
            "timestamp": "2026-04-27 21:05:32,463",
            "thread_id": "6700",
            "caller": "0x051e0623",
            "parentcaller": "0x051e03f6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007dea84"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1044
          },
          {
            "timestamp": "2026-04-27 21:05:32,478",
            "thread_id": "6700",
            "caller": "0x051e0623",
            "parentcaller": "0x051e03f6",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1045
          },
          {
            "timestamp": "2026-04-27 21:05:32,478",
            "thread_id": "6700",
            "caller": "0x051e0623",
            "parentcaller": "0x051e03f6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 1046
          },
          {
            "timestamp": "2026-04-27 21:05:32,478",
            "thread_id": "6700",
            "caller": "0x051e0623",
            "parentcaller": "0x051e03f6",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 1047
          },
          {
            "timestamp": "2026-04-27 21:05:32,478",
            "thread_id": "6700",
            "caller": "0x051e0623",
            "parentcaller": "0x051e03f6",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Sessions\\1\\Windows\\ThemeSection"
              }
            ],
            "repeated": 0,
            "id": 1048
          },
          {
            "timestamp": "2026-04-27 21:05:32,478",
            "thread_id": "6700",
            "caller": "0x051e0623",
            "parentcaller": "0x051e03f6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007dea84"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1049
          },
          {
            "timestamp": "2026-04-27 21:05:32,478",
            "thread_id": "6700",
            "caller": "0x051e0623",
            "parentcaller": "0x051e03f6",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1050
          },
          {
            "timestamp": "2026-04-27 21:05:32,478",
            "thread_id": "6700",
            "caller": "0x051e0623",
            "parentcaller": "0x051e03f6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 1051
          },
          {
            "timestamp": "2026-04-27 21:05:32,478",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0623",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateActCtx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1052
          },
          {
            "timestamp": "2026-04-27 21:05:32,478",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0623",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateActCtxA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76b08dc0"
              }
            ],
            "repeated": 0,
            "id": 1053
          },
          {
            "timestamp": "2026-04-27 21:05:32,557",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0623",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0290b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1054
          },
          {
            "timestamp": "2026-04-27 21:05:32,557",
            "thread_id": "6700",
            "caller": "0x0290afec",
            "parentcaller": "0x051e0623",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x001200a9",
                "pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1055
          },
          {
            "timestamp": "2026-04-27 21:05:32,822",
            "thread_id": "6700",
            "caller": "0x0290afec",
            "parentcaller": "0x051e0623",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004",
                "pretty_value": "SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000003a8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll"
              }
            ],
            "repeated": 0,
            "id": 1056
          },
          {
            "timestamp": "2026-04-27 21:05:32,838",
            "thread_id": "6700",
            "caller": "0x0290afec",
            "parentcaller": "0x051e0623",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07830000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x004ce000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1057
          },
          {
            "timestamp": "2026-04-27 21:05:32,838",
            "thread_id": "6700",
            "caller": "0x0290afec",
            "parentcaller": "0x051e0623",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              }
            ],
            "repeated": 0,
            "id": 1058
          },
          {
            "timestamp": "2026-04-27 21:05:32,838",
            "thread_id": "6700",
            "caller": "0x0290afec",
            "parentcaller": "0x051e0623",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003cc"
              },
              {
                "name": "ValueName",
                "value": "PreferExternalManifest"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest"
              }
            ],
            "repeated": 0,
            "id": 1059
          },
          {
            "timestamp": "2026-04-27 21:05:32,838",
            "thread_id": "6700",
            "caller": "0x0290afec",
            "parentcaller": "0x051e0623",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003cc"
              }
            ],
            "repeated": 0,
            "id": 1060
          },
          {
            "timestamp": "2026-04-27 21:05:33,166",
            "thread_id": "6700",
            "caller": "0x0290afec",
            "parentcaller": "0x051e0623",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "6700"
              },
              {
                "name": "Module",
                "value": "KERNEL32.dll"
              },
              {
                "name": "Return Address",
                "value": "0x76ad24ac"
              }
            ],
            "repeated": 0,
            "id": 1061
          },
          {
            "timestamp": "2026-04-27 21:05:33,400",
            "thread_id": "6700",
            "caller": "0x0290afec",
            "parentcaller": "0x051e0623",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 1062
          },
          {
            "timestamp": "2026-04-27 21:05:33,400",
            "thread_id": "6700",
            "caller": "0x0290afec",
            "parentcaller": "0x051e0623",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c8"
              }
            ],
            "repeated": 0,
            "id": 1063
          },
          {
            "timestamp": "2026-04-27 21:05:33,400",
            "thread_id": "6700",
            "caller": "0x0290afec",
            "parentcaller": "0x051e0623",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07830000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1064
          },
          {
            "timestamp": "2026-04-27 21:05:33,900",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentActCtx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ae3460"
              }
            ],
            "repeated": 0,
            "id": 1065
          },
          {
            "timestamp": "2026-04-27 21:05:33,900",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "ActivateActCtx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad0ac0"
              }
            ],
            "repeated": 0,
            "id": 1066
          },
          {
            "timestamp": "2026-04-27 21:05:34,057",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "MSCTF.dll"
              }
            ],
            "repeated": 0,
            "id": 1067
          },
          {
            "timestamp": "2026-04-27 21:05:34,072",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76ba0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000d4000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1068
          },
          {
            "timestamp": "2026-04-27 21:05:34,088",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76c68000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1069
          },
          {
            "timestamp": "2026-04-27 21:05:34,088",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1070
          },
          {
            "timestamp": "2026-04-27 21:05:34,088",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1071
          },
          {
            "timestamp": "2026-04-27 21:05:34,307",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76c64000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1072
          },
          {
            "timestamp": "2026-04-27 21:05:34,307",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c8"
              }
            ],
            "repeated": 0,
            "id": 1073
          },
          {
            "timestamp": "2026-04-27 21:05:34,307",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76c64000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1074
          },
          {
            "timestamp": "2026-04-27 21:05:34,307",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\t\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8ce\\x92\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x004J\\xc8r\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\e\\x92\\x02\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80e\\x92\\x02"
              }
            ],
            "repeated": 0,
            "id": 1075
          },
          {
            "timestamp": "2026-04-27 21:05:34,307",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1076
          },
          {
            "timestamp": "2026-04-27 21:05:34,307",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1077
          },
          {
            "timestamp": "2026-04-27 21:05:34,307",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1078
          },
          {
            "timestamp": "2026-04-27 21:05:34,307",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\System32\\MSCTF.dll"
              }
            ],
            "repeated": 0,
            "id": 1079
          },
          {
            "timestamp": "2026-04-27 21:05:34,307",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\msctf.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1080
          },
          {
            "timestamp": "2026-04-27 21:05:34,307",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003c8"
              }
            ],
            "repeated": 0,
            "id": 1081
          },
          {
            "timestamp": "2026-04-27 21:05:34,307",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\MSCTF"
              },
              {
                "name": "DllBase",
                "value": "0x76ba0000"
              }
            ],
            "repeated": 0,
            "id": 1082
          },
          {
            "timestamp": "2026-04-27 21:05:34,557",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\msctf"
              },
              {
                "name": "BaseAddress",
                "value": "0x76ba0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x76bee040"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1083
          },
          {
            "timestamp": "2026-04-27 21:05:34,557",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x774fd000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1084
          },
          {
            "timestamp": "2026-04-27 21:05:34,557",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x774fd000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1085
          },
          {
            "timestamp": "2026-04-27 21:05:34,557",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 1086
          },
          {
            "timestamp": "2026-04-27 21:05:34,557",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003cc"
              }
            ],
            "repeated": 0,
            "id": 1087
          },
          {
            "timestamp": "2026-04-27 21:05:34,557",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x774fd000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1088
          },
          {
            "timestamp": "2026-04-27 21:05:34,557",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x774fd000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1089
          },
          {
            "timestamp": "2026-04-27 21:05:34,557",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76a9f000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1090
          },
          {
            "timestamp": "2026-04-27 21:05:34,557",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76a9f000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1091
          },
          {
            "timestamp": "2026-04-27 21:05:34,760",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Sessions\\1\\Windows\\ThemeSection"
              }
            ],
            "repeated": 0,
            "id": 1092
          },
          {
            "timestamp": "2026-04-27 21:05:34,760",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051f0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007dddb4"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1093
          },
          {
            "timestamp": "2026-04-27 21:05:34,760",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Windows\\Theme3753190323"
              }
            ],
            "repeated": 0,
            "id": 1094
          },
          {
            "timestamp": "2026-04-27 21:05:34,760",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "\\Sessions\\1\\Windows\\Theme4068553709"
              }
            ],
            "repeated": 0,
            "id": 1095
          },
          {
            "timestamp": "2026-04-27 21:05:34,775",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1096
          },
          {
            "timestamp": "2026-04-27 21:05:34,775",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              }
            ],
            "repeated": 0,
            "id": 1097
          },
          {
            "timestamp": "2026-04-27 21:05:34,775",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07830000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007de440"
              },
              {
                "name": "ViewSize",
                "value": "0x000e2000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1098
          },
          {
            "timestamp": "2026-04-27 21:05:34,775",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051f0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007de440"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1099
          },
          {
            "timestamp": "2026-04-27 21:05:34,775",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              }
            ],
            "repeated": 0,
            "id": 1100
          },
          {
            "timestamp": "2026-04-27 21:05:34,775",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77e724f0"
              }
            ],
            "repeated": 0,
            "id": 1101
          },
          {
            "timestamp": "2026-04-27 21:05:34,775",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77eb40c0"
              }
            ],
            "repeated": 0,
            "id": 1102
          },
          {
            "timestamp": "2026-04-27 21:05:34,775",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77e70780"
              }
            ],
            "repeated": 0,
            "id": 1103
          },
          {
            "timestamp": "2026-04-27 21:05:34,775",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77eac2a0"
              }
            ],
            "repeated": 0,
            "id": 1104
          },
          {
            "timestamp": "2026-04-27 21:05:34,775",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77ea52e0"
              }
            ],
            "repeated": 0,
            "id": 1105
          },
          {
            "timestamp": "2026-04-27 21:05:34,775",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77e9f5a0"
              }
            ],
            "repeated": 0,
            "id": 1106
          },
          {
            "timestamp": "2026-04-27 21:05:34,775",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:6648:168:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1107
          },
          {
            "timestamp": "2026-04-27 21:05:34,775",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1108
          },
          {
            "timestamp": "2026-04-27 21:05:34,775",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1109
          },
          {
            "timestamp": "2026-04-27 21:05:34,775",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1110
          },
          {
            "timestamp": "2026-04-27 21:05:34,775",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e0"
              }
            ],
            "repeated": 0,
            "id": 1111
          },
          {
            "timestamp": "2026-04-27 21:05:34,775",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003d4"
              }
            ],
            "repeated": 1,
            "id": 1112
          },
          {
            "timestamp": "2026-04-27 21:05:34,775",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowTextLength"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1113
          },
          {
            "timestamp": "2026-04-27 21:05:34,775",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowTextLengthW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d4a4c0"
              }
            ],
            "repeated": 0,
            "id": 1114
          },
          {
            "timestamp": "2026-04-27 21:05:34,775",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowText"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1115
          },
          {
            "timestamp": "2026-04-27 21:05:34,775",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowTextW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d49d50"
              }
            ],
            "repeated": 0,
            "id": 1116
          },
          {
            "timestamp": "2026-04-27 21:05:35,010",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcessWindowStation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d517d0"
              }
            ],
            "repeated": 0,
            "id": 1117
          },
          {
            "timestamp": "2026-04-27 21:05:35,010",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserObjectInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1118
          },
          {
            "timestamp": "2026-04-27 21:05:35,010",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserObjectInformationA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d3bd50"
              }
            ],
            "repeated": 0,
            "id": 1119
          },
          {
            "timestamp": "2026-04-27 21:05:35,010",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "SetConsoleCtrlHandler"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad3960"
              }
            ],
            "repeated": 0,
            "id": 1120
          },
          {
            "timestamp": "2026-04-27 21:05:35,010",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "SetConsoleCtrlHandlerW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1121
          },
          {
            "timestamp": "2026-04-27 21:05:35,010",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1122
          },
          {
            "timestamp": "2026-04-27 21:05:35,010",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleHandleW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad0e50"
              }
            ],
            "repeated": 0,
            "id": 1123
          },
          {
            "timestamp": "2026-04-27 21:05:35,025",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetClassInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1124
          },
          {
            "timestamp": "2026-04-27 21:05:35,025",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetClassInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d3df90"
              }
            ],
            "repeated": 0,
            "id": 1125
          },
          {
            "timestamp": "2026-04-27 21:05:35,025",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClass"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1126
          },
          {
            "timestamp": "2026-04-27 21:05:35,025",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClassW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d3f1d0"
              }
            ],
            "repeated": 0,
            "id": 1127
          },
          {
            "timestamp": "2026-04-27 21:05:35,025",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "CreateWindowEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1128
          },
          {
            "timestamp": "2026-04-27 21:05:35,025",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "CreateWindowExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d3f220"
              }
            ],
            "repeated": 0,
            "id": 1129
          },
          {
            "timestamp": "2026-04-27 21:05:35,025",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "DefWindowProc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1130
          },
          {
            "timestamp": "2026-04-27 21:05:35,025",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "DefWindowProcW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77ec7fa0"
              }
            ],
            "repeated": 0,
            "id": 1131
          },
          {
            "timestamp": "2026-04-27 21:05:35,228",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02936000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1132
          },
          {
            "timestamp": "2026-04-27 21:05:35,228",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290a8b3",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02930000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1133
          },
          {
            "timestamp": "2026-04-27 21:05:35,244",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetStartupInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1134
          },
          {
            "timestamp": "2026-04-27 21:05:35,244",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetStartupInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad1550"
              }
            ],
            "repeated": 0,
            "id": 1135
          },
          {
            "timestamp": "2026-04-27 21:05:35,244",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowPlacement"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d51950"
              }
            ],
            "repeated": 0,
            "id": 1136
          },
          {
            "timestamp": "2026-04-27 21:05:35,244",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07821000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1137
          },
          {
            "timestamp": "2026-04-27 21:05:35,244",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07822000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1138
          },
          {
            "timestamp": "2026-04-27 21:05:35,244",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              }
            ],
            "repeated": 0,
            "id": 1139
          },
          {
            "timestamp": "2026-04-27 21:05:35,244",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003e0"
              },
              {
                "name": "ValueName",
                "value": "ResourcePolicies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies"
              }
            ],
            "repeated": 0,
            "id": 1140
          },
          {
            "timestamp": "2026-04-27 21:05:35,244",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e0"
              }
            ],
            "repeated": 0,
            "id": 1141
          },
          {
            "timestamp": "2026-04-27 21:05:35,244",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x077c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1142
          },
          {
            "timestamp": "2026-04-27 21:05:35,244",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x077c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1143
          },
          {
            "timestamp": "2026-04-27 21:05:35,244",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07824000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1144
          },
          {
            "timestamp": "2026-04-27 21:05:35,244",
            "thread_id": "6700",
            "caller": "0x0290a8b3",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07825000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1145
          },
          {
            "timestamp": "2026-04-27 21:05:35,635",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemMetrics"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d44920"
              }
            ],
            "repeated": 0,
            "id": 1146
          },
          {
            "timestamp": "2026-04-27 21:05:35,635",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d4e9f0"
              }
            ],
            "repeated": 0,
            "id": 1147
          },
          {
            "timestamp": "2026-04-27 21:05:35,635",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76a80000"
              },
              {
                "name": "FunctionName",
                "value": "GetDeviceCaps"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76a85ec0"
              }
            ],
            "repeated": 0,
            "id": 1148
          },
          {
            "timestamp": "2026-04-27 21:05:35,744",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "ReleaseDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d4e390"
              }
            ],
            "repeated": 0,
            "id": 1149
          },
          {
            "timestamp": "2026-04-27 21:05:35,744",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "CreateIconFromResourceEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d34850"
              }
            ],
            "repeated": 0,
            "id": 1150
          },
          {
            "timestamp": "2026-04-27 21:05:35,744",
            "thread_id": "6700",
            "caller": "0x0290b78c",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76a9f000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1151
          },
          {
            "timestamp": "2026-04-27 21:05:35,744",
            "thread_id": "6700",
            "caller": "0x0290b78c",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76a9f000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1152
          },
          {
            "timestamp": "2026-04-27 21:05:35,744",
            "thread_id": "6700",
            "caller": "0x0290b78c",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76a9f000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1153
          },
          {
            "timestamp": "2026-04-27 21:05:35,744",
            "thread_id": "6700",
            "caller": "0x0290b78c",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76a9f000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1154
          },
          {
            "timestamp": "2026-04-27 21:05:35,744",
            "thread_id": "6700",
            "caller": "0x0290b78c",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76a9f000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1155
          },
          {
            "timestamp": "2026-04-27 21:05:35,744",
            "thread_id": "6700",
            "caller": "0x0290b78c",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76a9f000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1156
          },
          {
            "timestamp": "2026-04-27 21:05:35,744",
            "thread_id": "6700",
            "caller": "0x0290b78c",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76a9f000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1157
          },
          {
            "timestamp": "2026-04-27 21:05:35,744",
            "thread_id": "6700",
            "caller": "0x0290b78c",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76a9f000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1158
          },
          {
            "timestamp": "2026-04-27 21:05:35,744",
            "thread_id": "6700",
            "caller": "0x0290b78c",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76a9f000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1159
          },
          {
            "timestamp": "2026-04-27 21:05:35,744",
            "thread_id": "6700",
            "caller": "0x0290b78c",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76a9f000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1160
          },
          {
            "timestamp": "2026-04-27 21:05:35,744",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1161
          },
          {
            "timestamp": "2026-04-27 21:05:35,744",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d45540"
              }
            ],
            "repeated": 0,
            "id": 1162
          },
          {
            "timestamp": "2026-04-27 21:05:35,744",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemMenu"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d51860"
              }
            ],
            "repeated": 0,
            "id": 1163
          },
          {
            "timestamp": "2026-04-27 21:05:35,791",
            "thread_id": "6700",
            "caller": "0x051e01a2",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys"
              }
            ],
            "repeated": 0,
            "id": 1164
          },
          {
            "timestamp": "2026-04-27 21:05:35,791",
            "thread_id": "6700",
            "caller": "0x051e01a2",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 1165
          },
          {
            "timestamp": "2026-04-27 21:05:35,791",
            "thread_id": "6700",
            "caller": "0x051e01a2",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003cc"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
              }
            ],
            "repeated": 0,
            "id": 1166
          },
          {
            "timestamp": "2026-04-27 21:05:35,791",
            "thread_id": "6700",
            "caller": "0x051e01a2",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003cc"
              }
            ],
            "repeated": 0,
            "id": 1167
          },
          {
            "timestamp": "2026-04-27 21:05:35,791",
            "thread_id": "6700",
            "caller": "0x051e01a2",
            "parentcaller": "0x00000000",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\USER32.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1168
          },
          {
            "timestamp": "2026-04-27 21:05:35,791",
            "thread_id": "6700",
            "caller": "0x051e01a2",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000003cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\user32.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 1169
          },
          {
            "timestamp": "2026-04-27 21:05:35,791",
            "thread_id": "6700",
            "caller": "0x051e01a2",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003a8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x077e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007de2a8"
              },
              {
                "name": "ViewSize",
                "value": "0x00008000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1170
          },
          {
            "timestamp": "2026-04-27 21:05:35,791",
            "thread_id": "6700",
            "caller": "0x051e01a2",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 1171
          },
          {
            "timestamp": "2026-04-27 21:05:35,791",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "EnableMenuItem"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d301c0"
              }
            ],
            "repeated": 0,
            "id": 1172
          },
          {
            "timestamp": "2026-04-27 21:05:35,791",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1173
          },
          {
            "timestamp": "2026-04-27 21:05:35,791",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d45540"
              }
            ],
            "repeated": 0,
            "id": 1174
          },
          {
            "timestamp": "2026-04-27 21:05:35,791",
            "thread_id": "6700",
            "caller": "0x029108ec",
            "parentcaller": "0x0290b843",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00acd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1175
          },
          {
            "timestamp": "2026-04-27 21:05:35,791",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "SetWindowPos"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d52370"
              }
            ],
            "repeated": 0,
            "id": 1176
          },
          {
            "timestamp": "2026-04-27 21:05:35,791",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "RedrawWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d51e90"
              }
            ],
            "repeated": 0,
            "id": 1177
          },
          {
            "timestamp": "2026-04-27 21:05:35,791",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "ShowWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d523d0"
              }
            ],
            "repeated": 0,
            "id": 1178
          },
          {
            "timestamp": "2026-04-27 21:05:35,807",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1179
          },
          {
            "timestamp": "2026-04-27 21:05:35,807",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d45540"
              }
            ],
            "repeated": 0,
            "id": 1180
          },
          {
            "timestamp": "2026-04-27 21:05:35,807",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowThreadProcessId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d4a660"
              }
            ],
            "repeated": 0,
            "id": 1181
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "PostMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1182
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "PostMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d45490"
              }
            ],
            "repeated": 0,
            "id": 1183
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x0290bbbb",
            "parentcaller": "0x029108ec",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00030190"
              },
              {
                "name": "Message",
                "value": "0x0000c1b0"
              }
            ],
            "repeated": 0,
            "id": 1184
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ole32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x77060000"
              }
            ],
            "repeated": 0,
            "id": 1185
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x77060000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ole32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1186
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77060000"
              },
              {
                "name": "FunctionName",
                "value": "OleInitialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77083a30"
              }
            ],
            "repeated": 0,
            "id": 1187
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x0290a7be",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003e0"
              }
            ],
            "repeated": 0,
            "id": 1188
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x0290a7be",
            "parentcaller": "0x051e01a2",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1189
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x0290a7be",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e0"
              }
            ],
            "repeated": 0,
            "id": 1190
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x0290a7be",
            "parentcaller": "0x051e01a2",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "OleDropTargetInterface"
              },
              {
                "name": "Atom",
                "value": "0x0000c01b"
              }
            ],
            "repeated": 0,
            "id": 1191
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x0290a7be",
            "parentcaller": "0x051e01a2",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "OleDropTargetMarshalHwnd"
              },
              {
                "name": "Atom",
                "value": "0x0000c01c"
              }
            ],
            "repeated": 0,
            "id": 1192
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77060000"
              },
              {
                "name": "FunctionName",
                "value": "CoRegisterMessageFilter"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7708dc80"
              }
            ],
            "repeated": 0,
            "id": 1193
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x051e01a2",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77122000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1194
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x051e01a2",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77122000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1195
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "PeekMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1196
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "PeekMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d4b400"
              }
            ],
            "repeated": 0,
            "id": 1197
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "IsWindowUnicode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d45ac0"
              }
            ],
            "repeated": 0,
            "id": 1198
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d4b390"
              }
            ],
            "repeated": 0,
            "id": 1199
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "TranslateMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d4a1d0"
              }
            ],
            "repeated": 0,
            "id": 1200
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e01a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "DispatchMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d456b0"
              }
            ],
            "repeated": 0,
            "id": 1201
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x0290bdc7",
            "parentcaller": "0x051e01a2",
            "category": "misc",
            "api": "ChangeWindowMessageFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "message",
                "value": "49238"
              },
              {
                "name": "dwFlag",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1202
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x0290bdc7",
            "parentcaller": "0x051e01a2",
            "category": "misc",
            "api": "ChangeWindowMessageFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "message",
                "value": "49239"
              },
              {
                "name": "dwFlag",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1203
          },
          {
            "timestamp": "2026-04-27 21:05:35,916",
            "thread_id": "6700",
            "caller": "0x051e066e",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetFocus"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d4e960"
              }
            ],
            "repeated": 0,
            "id": 1204
          },
          {
            "timestamp": "2026-04-27 21:05:36,775",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0674",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00acf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1205
          },
          {
            "timestamp": "2026-04-27 21:05:36,791",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0674",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02929000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1206
          },
          {
            "timestamp": "2026-04-27 21:05:37,463",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0674",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0413b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1207
          },
          {
            "timestamp": "2026-04-27 21:05:38,119",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0790",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleFileName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1208
          },
          {
            "timestamp": "2026-04-27 21:05:38,119",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0790",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleFileNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad0900"
              }
            ],
            "repeated": 0,
            "id": 1209
          },
          {
            "timestamp": "2026-04-27 21:05:38,119",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0797",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "SetCurrentDirectory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1210
          },
          {
            "timestamp": "2026-04-27 21:05:38,119",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0797",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "SetCurrentDirectoryW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ac8fb0"
              }
            ],
            "repeated": 0,
            "id": 1211
          },
          {
            "timestamp": "2026-04-27 21:05:38,978",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0b2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "FindResourceEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1212
          },
          {
            "timestamp": "2026-04-27 21:05:38,978",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0b2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "FindResourceExA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76acb210"
              }
            ],
            "repeated": 0,
            "id": 1213
          },
          {
            "timestamp": "2026-04-27 21:05:39,025",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0b2f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0292a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1214
          },
          {
            "timestamp": "2026-04-27 21:05:39,025",
            "thread_id": "6700",
            "caller": "0x0290b3a7",
            "parentcaller": "0x051e0b2f",
            "category": "misc",
            "api": "FindResourceExA",
            "status": true,
            "return": "0x00632048",
            "arguments": [
              {
                "name": "Module",
                "value": "0x00000000"
              },
              {
                "name": "Type",
                "value": "#10"
              },
              {
                "name": "Name",
                "value": "#1"
              },
              {
                "name": "Language",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1215
          },
          {
            "timestamp": "2026-04-27 21:05:39,025",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0b48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "LoadResource"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ace840"
              }
            ],
            "repeated": 0,
            "id": 1216
          },
          {
            "timestamp": "2026-04-27 21:05:39,025",
            "thread_id": "6700",
            "caller": "0x0290bfbd",
            "parentcaller": "0x051e0b48",
            "category": "misc",
            "api": "LoadResource",
            "status": true,
            "return": "0x00632058",
            "arguments": [
              {
                "name": "Module",
                "value": "0x00000000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x00632048"
              }
            ],
            "repeated": 0,
            "id": 1217
          },
          {
            "timestamp": "2026-04-27 21:05:39,025",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0b64",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "SizeofResource"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad0480"
              }
            ],
            "repeated": 0,
            "id": 1218
          },
          {
            "timestamp": "2026-04-27 21:05:39,025",
            "thread_id": "6700",
            "caller": "0x0290bfbd",
            "parentcaller": "0x051e0b64",
            "category": "misc",
            "api": "SizeofResource",
            "status": true,
            "return": "0x00015f50",
            "arguments": [
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              },
              {
                "name": "ResourceInfo",
                "value": "0x00632048"
              }
            ],
            "repeated": 0,
            "id": 1219
          },
          {
            "timestamp": "2026-04-27 21:05:39,025",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0b7c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "LockResource"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76acf340"
              }
            ],
            "repeated": 0,
            "id": 1220
          },
          {
            "timestamp": "2026-04-27 21:05:39,025",
            "thread_id": "6700",
            "caller": "0x0290a3a6",
            "parentcaller": "0x051e0b7c",
            "category": "misc",
            "api": "LockResource",
            "status": true,
            "return": "0x00632058",
            "arguments": [
              {
                "name": "ResourceData",
                "value": "0x00632058"
              }
            ],
            "repeated": 0,
            "id": 1221
          },
          {
            "timestamp": "2026-04-27 21:05:39,025",
            "thread_id": "6700",
            "caller": "0x051e0b93",
            "parentcaller": "0x051e0935",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06572000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1222
          },
          {
            "timestamp": "2026-04-27 21:05:39,869",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "CRYPTSP.dll"
              }
            ],
            "repeated": 0,
            "id": 1223
          },
          {
            "timestamp": "2026-04-27 21:05:39,869",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\CRYPTSP.dll"
              }
            ],
            "repeated": 0,
            "id": 1224
          },
          {
            "timestamp": "2026-04-27 21:05:39,869",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\cryptsp.dll"
              }
            ],
            "repeated": 0,
            "id": 1225
          },
          {
            "timestamp": "2026-04-27 21:05:39,869",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\cryptsp.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1226
          },
          {
            "timestamp": "2026-04-27 21:05:39,869",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000003a8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\cryptsp.dll"
              }
            ],
            "repeated": 0,
            "id": 1227
          },
          {
            "timestamp": "2026-04-27 21:05:39,869",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75280000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1228
          },
          {
            "timestamp": "2026-04-27 21:05:39,885",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75290000"
              },
              {
                "name": "ModuleName",
                "value": "CRYPTSP.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1229
          },
          {
            "timestamp": "2026-04-27 21:05:39,885",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1230
          },
          {
            "timestamp": "2026-04-27 21:05:39,885",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1231
          },
          {
            "timestamp": "2026-04-27 21:05:39,885",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7528f000"
              },
              {
                "name": "ModuleName",
                "value": "CRYPTSP.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1232
          },
          {
            "timestamp": "2026-04-27 21:05:39,885",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e0"
              }
            ],
            "repeated": 0,
            "id": 1233
          },
          {
            "timestamp": "2026-04-27 21:05:39,885",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 1234
          },
          {
            "timestamp": "2026-04-27 21:05:39,885",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7528f000"
              },
              {
                "name": "ModuleName",
                "value": "CRYPTSP.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1235
          },
          {
            "timestamp": "2026-04-27 21:05:39,885",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1236
          },
          {
            "timestamp": "2026-04-27 21:05:39,885",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1237
          },
          {
            "timestamp": "2026-04-27 21:05:39,885",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1238
          },
          {
            "timestamp": "2026-04-27 21:05:39,885",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\SYSTEM32\\CRYPTSP.dll"
              }
            ],
            "repeated": 0,
            "id": 1239
          },
          {
            "timestamp": "2026-04-27 21:05:39,885",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\cryptsp.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1240
          },
          {
            "timestamp": "2026-04-27 21:05:39,885",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              }
            ],
            "repeated": 0,
            "id": 1241
          },
          {
            "timestamp": "2026-04-27 21:05:39,885",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\CRYPTSP"
              },
              {
                "name": "DllBase",
                "value": "0x75280000"
              }
            ],
            "repeated": 0,
            "id": 1242
          },
          {
            "timestamp": "2026-04-27 21:05:39,885",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\cryptsp"
              },
              {
                "name": "BaseAddress",
                "value": "0x75280000"
              },
              {
                "name": "InitRoutine",
                "value": "0x75285d30"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1243
          },
          {
            "timestamp": "2026-04-27 21:05:39,885",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76f14000"
              },
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1244
          },
          {
            "timestamp": "2026-04-27 21:05:39,885",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76f14000"
              },
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1245
          },
          {
            "timestamp": "2026-04-27 21:05:39,885",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\rsaenh"
              },
              {
                "name": "DllBase",
                "value": "0x74c10000"
              }
            ],
            "repeated": 0,
            "id": 1246
          },
          {
            "timestamp": "2026-04-27 21:05:39,900",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c10000"
              }
            ],
            "repeated": 0,
            "id": 1247
          },
          {
            "timestamp": "2026-04-27 21:05:39,900",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptAcquireContextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Container",
                "value": ""
              },
              {
                "name": "Provider",
                "value": ""
              },
              {
                "name": "Flags",
                "value": "0xf0000000"
              }
            ],
            "repeated": 0,
            "id": 1248
          },
          {
            "timestamp": "2026-04-27 21:05:39,900",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\bcryptprimitives.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76d80000"
              }
            ],
            "repeated": 0,
            "id": 1249
          },
          {
            "timestamp": "2026-04-27 21:05:39,900",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1250
          },
          {
            "timestamp": "2026-04-27 21:05:39,900",
            "thread_id": "6700",
            "caller": "0x051e0ca2",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1251
          },
          {
            "timestamp": "2026-04-27 21:05:39,900",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0cb7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\bcrypt.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1252
          },
          {
            "timestamp": "2026-04-27 21:05:39,900",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0cb7",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\bcrypt.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 1253
          },
          {
            "timestamp": "2026-04-27 21:05:39,900",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0cb7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "bcrypt.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76160000"
              }
            ],
            "repeated": 0,
            "id": 1254
          },
          {
            "timestamp": "2026-04-27 21:05:39,900",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0cb7",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76160000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "bcrypt.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1255
          },
          {
            "timestamp": "2026-04-27 21:05:39,900",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0cb7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "bcrypt.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76160000"
              },
              {
                "name": "FunctionName",
                "value": "BCryptGetFipsAlgorithmMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76169570"
              }
            ],
            "repeated": 0,
            "id": 1256
          },
          {
            "timestamp": "2026-04-27 21:05:39,900",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0cb7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x077f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1257
          },
          {
            "timestamp": "2026-04-27 21:05:39,900",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0cb7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x077f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1258
          },
          {
            "timestamp": "2026-04-27 21:05:39,900",
            "thread_id": "6700",
            "caller": "0x0290afec",
            "parentcaller": "0x051e0cb7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 1259
          },
          {
            "timestamp": "2026-04-27 21:05:39,900",
            "thread_id": "6700",
            "caller": "0x0290afec",
            "parentcaller": "0x051e0cb7",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003e4"
              },
              {
                "name": "ValueName",
                "value": "Enabled"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled"
              }
            ],
            "repeated": 0,
            "id": 1260
          },
          {
            "timestamp": "2026-04-27 21:05:39,916",
            "thread_id": "6700",
            "caller": "0x0290afec",
            "parentcaller": "0x051e0cb7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa"
              }
            ],
            "repeated": 0,
            "id": 1261
          },
          {
            "timestamp": "2026-04-27 21:05:39,916",
            "thread_id": "6700",
            "caller": "0x0290afec",
            "parentcaller": "0x051e0cb7",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003e0"
              },
              {
                "name": "ValueName",
                "value": "FipsAlgorithmPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 1262
          },
          {
            "timestamp": "2026-04-27 21:05:39,916",
            "thread_id": "6700",
            "caller": "0x0290afec",
            "parentcaller": "0x051e0cb7",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003e4"
              },
              {
                "name": "ValueName",
                "value": "MDMEnabled"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled"
              }
            ],
            "repeated": 0,
            "id": 1263
          },
          {
            "timestamp": "2026-04-27 21:05:39,916",
            "thread_id": "6700",
            "caller": "0x0290afec",
            "parentcaller": "0x051e0cb7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e4"
              }
            ],
            "repeated": 0,
            "id": 1264
          },
          {
            "timestamp": "2026-04-27 21:05:39,916",
            "thread_id": "6700",
            "caller": "0x0290afec",
            "parentcaller": "0x051e0cb7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003e0"
              }
            ],
            "repeated": 0,
            "id": 1265
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "=\\xea\\xd7j\\x8c2~v\\x9c\\xbb\\xfc\\x96\\x03z?D666666666666666666666666666666666666666666666666"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1266
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "\\x0b\\xdc\\xe1\\\\xba\\x04H@\\xaa\\x8d\\xca\\xa05L\tr"
              },
              {
                "name": "Length",
                "value": "16"
              }
            ],
            "repeated": 0,
            "id": 1267
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x01"
              },
              {
                "name": "Length",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 1268
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1269
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "W\\x80\\xbd\\x00\\xe6X\\x14\\x1c\\xf6\\xd1\\x96\\xfci\\x10U.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1270
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "e\\xf6\\x92\\x89a\\x80\\\\xe8rA\\x87\\x84\\x17\\x8dmr!\\xfa\\x98\\xf6"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1271
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1272
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1273
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a833b8"
              }
            ],
            "repeated": 0,
            "id": 1274
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1275
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1276
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              },
              {
                "name": "Buffer",
                "value": "=\\xea\\xd7j\\x8c2~v\\x9c\\xbb\\xfc\\x96\\x03z?D666666666666666666666666666666666666666666666666"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1277
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              },
              {
                "name": "Buffer",
                "value": ":k\\x8cj\\x9b\\xbe\\xa4\\x05\\xd0\\x81\\x99\\x9b$\\xecT\\xef*\\xdd\\xfaa"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1278
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1279
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "W\\x80\\xbd\\x00\\xe6X\\x14\\x1c\\xf6\\xd1\\x96\\xfci\\x10U.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1280
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "\\x95\\x96\\xb9B\\x9a\\x8fi\\xec\\x123\\xe0\\xd9Q\\xf9=?\\xbc\\x18#\\xa0"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1281
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1282
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              }
            ],
            "repeated": 0,
            "id": 1283
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a833b8"
              }
            ],
            "repeated": 0,
            "id": 1284
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1285
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1286
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              },
              {
                "name": "Buffer",
                "value": "=\\xea\\xd7j\\x8c2~v\\x9c\\xbb\\xfc\\x96\\x03z?D666666666666666666666666666666666666666666666666"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1287
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              },
              {
                "name": "Buffer",
                "value": "\\xa6\\xc1\\x82>\\xee\\x01^\\xd5\"\\xa0&b\\xbbu\\x1f\\x9b\\xe8\\x93l\\xa7"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1288
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1289
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "W\\x80\\xbd\\x00\\xe6X\\x14\\x1c\\xf6\\xd1\\x96\\xfci\\x10U.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1290
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "a\\xbci\\xf630\\xb4x\\xf7u\\xcb\"\\xe2J\\x00\\x82#\\xcc0\\xfd"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1291
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1292
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              }
            ],
            "repeated": 0,
            "id": 1293
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1294
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1295
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1296
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "=\\xea\\xd7j\\x8c2~v\\x9c\\xbb\\xfc\\x96\\x03z?D666666666666666666666666666666666666666666666666"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1297
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "\\xdck\\x07\r6<\\x19\\xf4\\xa9bOX\\xa5hjt\\xdc\\xc1\\xe2z"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1298
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1299
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "W\\x80\\xbd\\x00\\xe6X\\x14\\x1c\\xf6\\xd1\\x96\\xfci\\x10U.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1300
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "\\x82\\xaf<\\xc4e\\xa5@.>\\xc4\\x84\\x0fw\\x96\\xd2\\x174\\xbf\\xd6H"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1301
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1302
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1303
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1304
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1305
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1306
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "=\\xea\\xd7j\\x8c2~v\\x9c\\xbb\\xfc\\x96\\x03z?D666666666666666666666666666666666666666666666666"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1307
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "\\xb650H\\x86\\xe2\\x90\\x16\\x9c\\xb9\\xf2\\xea\\x87\\x10\\xc9W<\\xb8+,"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1308
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1309
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "W\\x80\\xbd\\x00\\xe6X\\x14\\x1c\\xf6\\xd1\\x96\\xfci\\x10U.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1310
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "\\xeb`\\xda\\xa4K?\\xf4\\xd6\\xcahV}p\\xc0A\\x14\\x8d\\x89C\\xa7"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1311
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1312
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1313
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1314
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1315
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1316
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "=\\xea\\xd7j\\x8c2~v\\x9c\\xbb\\xfc\\x96\\x03z?D666666666666666666666666666666666666666666666666"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1317
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "@\\xd6ZW\\x92\\xc8H\\xfe[\\x04I\\xbe\\xa6Z\\x01%\\xbd\\xcc/x"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1318
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1319
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "W\\x80\\xbd\\x00\\xe6X\\x14\\x1c\\xf6\\xd1\\x96\\xfci\\x10U.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1320
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "\\xc5n4\\x9b\\xce\\x8c\\xc7q\\x08\\xd8\\x1dn\\x86n*>P\\xbf\\xf43"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1321
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1322
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1323
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1324
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1325
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a833b8"
              }
            ],
            "repeated": 0,
            "id": 1326
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "=\\xea\\xd7j\\x8c2~v\\x9c\\xbb\\xfc\\x96\\x03z?D666666666666666666666666666666666666666666666666"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1327
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "\\xfd$rW\\xd8\\xb4\\xb3\\xd5\\xb4\\x9c\\x90\\xf9\\xb3\\x1f\\x19\\x9d=\\x01\\xfeR"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1328
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1329
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              },
              {
                "name": "Buffer",
                "value": "W\\x80\\xbd\\x00\\xe6X\\x14\\x1c\\xf6\\xd1\\x96\\xfci\\x10U.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1330
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              },
              {
                "name": "Buffer",
                "value": "\\xb1\\x82\\xf1\\xb8\\xc0\\x03\\x94rB\\xe9\\xc3\\xbc\\x80\\xe5\\x9c\\x8e\\xff\\x02h\\x9e"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1331
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1332
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1333
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1334
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              }
            ],
            "repeated": 0,
            "id": 1335
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a833b8"
              }
            ],
            "repeated": 0,
            "id": 1336
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "=\\xea\\xd7j\\x8c2~v\\x9c\\xbb\\xfc\\x96\\x03z?D666666666666666666666666666666666666666666666666"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1337
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "0\\xe4w\\xf7\\x87\\xc5\\xc1\\x11\\xbc\\xf9\t\\\\x97\\x19]U\\xf4\\xd4S\\x08"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1338
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1339
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              },
              {
                "name": "Buffer",
                "value": "W\\x80\\xbd\\x00\\xe6X\\x14\\x1c\\xf6\\xd1\\x96\\xfci\\x10U.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1340
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              },
              {
                "name": "Buffer",
                "value": "Z\\xf8\\x0b\\x81\\xe5\\xaf\\xbd\\xc4\\x08\\x9d+:\\xcc\\xba>4\\xd3\\x13\\xb41"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1341
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1342
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1343
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1344
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              }
            ],
            "repeated": 0,
            "id": 1345
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cc5",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1346
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "=\\xea\\xd7j\\x8c2~v\\x9c\\xbb\\xfc\\x96\\x03z?D666666666666666666666666666666666666666666666666"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1347
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "\\x0b\\xdc\\xe1\\\\xba\\x04H@\\xaa\\x8d\\xca\\xa05L\tr"
              },
              {
                "name": "Length",
                "value": "16"
              }
            ],
            "repeated": 0,
            "id": 1348
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x02"
              },
              {
                "name": "Length",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 1349
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1350
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "W\\x80\\xbd\\x00\\xe6X\\x14\\x1c\\xf6\\xd1\\x96\\xfci\\x10U.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1351
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "!g\\xf7\\xf5\\xb7~\\x9e\\xef\\x08\\xfa\\xd7\\xc0\\xce\\xcbsZ\t\\x9b8\\xea"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1352
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1353
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1354
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a833b8"
              }
            ],
            "repeated": 0,
            "id": 1355
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1356
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1357
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              },
              {
                "name": "Buffer",
                "value": "=\\xea\\xd7j\\x8c2~v\\x9c\\xbb\\xfc\\x96\\x03z?D666666666666666666666666666666666666666666666666"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1358
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              },
              {
                "name": "Buffer",
                "value": "\\xe6m\\xd8+/X\\x10\\x1c\\x98\t\\xbb\\xbf\\xb6\\x8c\\xadL\\xc9!\\xaeS"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1359
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1360
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "W\\x80\\xbd\\x00\\xe6X\\x14\\x1c\\xf6\\xd1\\x96\\xfci\\x10U.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1361
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "?\\xe1\\xc0\\x1f\\xf0d\\xe4\\x94\\x94.\\x90Cw@\\xa4Q\\x88\"yE"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1362
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1363
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              }
            ],
            "repeated": 0,
            "id": 1364
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1365
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1366
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a833b8"
              }
            ],
            "repeated": 0,
            "id": 1367
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "=\\xea\\xd7j\\x8c2~v\\x9c\\xbb\\xfc\\x96\\x03z?D666666666666666666666666666666666666666666666666"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1368
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "XNZ\\xdf\\xfad\\xd4X\\xd2\\xf1\\x1d\\x94>`\\x9e\\xe0\\x17Z2%"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1369
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1370
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              },
              {
                "name": "Buffer",
                "value": "W\\x80\\xbd\\x00\\xe6X\\x14\\x1c\\xf6\\xd1\\x96\\xfci\\x10U.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1371
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              },
              {
                "name": "Buffer",
                "value": "\\xae\\x19s\\xb4,\\xeb\\x13]\\xf8\\x01\\x993R^\\x1c\\x12\\xe7;p\\xdb"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1372
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1373
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1374
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1375
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              }
            ],
            "repeated": 0,
            "id": 1376
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a833b8"
              }
            ],
            "repeated": 0,
            "id": 1377
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "=\\xea\\xd7j\\x8c2~v\\x9c\\xbb\\xfc\\x96\\x03z?D666666666666666666666666666666666666666666666666"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1378
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "\\xcf\\x83Wp\\x0bN\\x82\\xcd\\xbfX51\\xd0\\x990\\x02\\xae\\xa4\\x1f\\xb4"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1379
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1380
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              },
              {
                "name": "Buffer",
                "value": "W\\x80\\xbd\\x00\\xe6X\\x14\\x1c\\xf6\\xd1\\x96\\xfci\\x10U.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1381
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              },
              {
                "name": "Buffer",
                "value": "jp\\xdc\\x1aK\\x7f\\x07\\x9b\\x84\\x88\\x16\\xd2Ae\\x16\\xf6Z\\x95A\\x08"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1382
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1383
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1384
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1385
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              }
            ],
            "repeated": 0,
            "id": 1386
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1387
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "=\\xea\\xd7j\\x8c2~v\\x9c\\xbb\\xfc\\x96\\x03z?D666666666666666666666666666666666666666666666666"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1388
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": " ~&\\x19\\x82\\x8f\tnv\\xf1\\x19\\xdd\\xf7\\x80<R\\x86\nU\n"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1389
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1390
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "W\\x80\\xbd\\x00\\xe6X\\x14\\x1c\\xf6\\xd1\\x96\\xfci\\x10U.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1391
          },
          {
            "timestamp": "2026-04-27 21:05:39,963",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "`6\\xef\\xd58s\\x9f\\x98t\\x86\\x97\\x9f3x\\xa4\\xec\\xf4\\xbf\\xc1*"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1392
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1393
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1394
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1395
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1396
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1397
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "=\\xea\\xd7j\\x8c2~v\\x9c\\xbb\\xfc\\x96\\x03z?D666666666666666666666666666666666666666666666666"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1398
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "\\xfc\\x14:>\n \\xca~\\xd6\\xd4\\x10\\xe3\\xc5\\xd7#\\xad\\xed\\xb8{c"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1399
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1400
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "W\\x80\\xbd\\x00\\xe6X\\x14\\x1c\\xf6\\xd1\\x96\\xfci\\x10U.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1401
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "\\xb5\\xc6\\x91'\\xa8\\xa9\\xdf\\xdfwr\\xd2\\xe7\\x10\\x82\\xbf)\\xa5+7J"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1402
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1403
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1404
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1405
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1406
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1407
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "=\\xea\\xd7j\\x8c2~v\\x9c\\xbb\\xfc\\x96\\x03z?D666666666666666666666666666666666666666666666666"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1408
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "\\x9c\\xe6\\xbaJ\\xe9\\xd3\\xb9e\\x17e\\xf5g\\x1cd\\x89\\xd4\\x06\"\\xcd\\xa1"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1409
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1410
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "W\\x80\\xbd\\x00\\xe6X\\x14\\x1c\\xf6\\xd1\\x96\\xfci\\x10U.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1411
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "Yc~\\x11E\\xc2\\x07\\x8b\\xb5\\xb0\\xc6\\x9e\\xa0\\x82\\xd3\\xd9\\xdcC\\xdbD"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1412
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1413
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1414
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1415
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1416
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1417
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "=\\xea\\xd7j\\x8c2~v\\x9c\\xbb\\xfc\\x96\\x03z?D666666666666666666666666666666666666666666666666"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1418
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": "v\\Tr\\xa3\\xbc\\x1f\\x12x\\xebl\\x07\\xa0\\xa0P\\x15\\x9bO\\xb6z"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1419
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1420
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "W\\x80\\xbd\\x00\\xe6X\\x14\\x1c\\xf6\\xd1\\x96\\xfci\\x10U.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 1421
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": "-\\x92\\x07\\xf0\\xd1Q\\x9a@\\xb6\\xc3\\xddt$&\\x99$\\x8e\\xb6u\\xa3"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1422
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "Length",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1423
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1424
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 1425
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a82df8"
              }
            ],
            "repeated": 0,
            "id": 1426
          },
          {
            "timestamp": "2026-04-27 21:05:39,978",
            "thread_id": "6700",
            "caller": "0x051e0cda",
            "parentcaller": "0x051e09e4",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008004",
                "pretty_value": "SHA1"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a833b8"
              }
            ],
            "repeated": 0,
            "id": 1427
          },
          {
            "timestamp": "2026-04-27 21:05:40,072",
            "thread_id": "6700",
            "caller": "0x029023e7",
            "parentcaller": "0x051e0ced",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05572000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1428
          },
          {
            "timestamp": "2026-04-27 21:05:40,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051e1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1429
          },
          {
            "timestamp": "2026-04-27 21:05:40,807",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e09fb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04085000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1430
          },
          {
            "timestamp": "2026-04-27 21:05:40,807",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e09fb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04080000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1431
          },
          {
            "timestamp": "2026-04-27 21:05:41,150",
            "thread_id": "6700",
            "caller": "0x051e125c",
            "parentcaller": "0x051e09fb",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c10000"
              }
            ],
            "repeated": 0,
            "id": 1432
          },
          {
            "timestamp": "2026-04-27 21:05:41,150",
            "thread_id": "6700",
            "caller": "0x051e125c",
            "parentcaller": "0x051e09fb",
            "category": "crypto",
            "api": "CryptAcquireContextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Container",
                "value": ""
              },
              {
                "name": "Provider",
                "value": ""
              },
              {
                "name": "Flags",
                "value": "0xf0000000"
              }
            ],
            "repeated": 0,
            "id": 1433
          },
          {
            "timestamp": "2026-04-27 21:05:41,244",
            "thread_id": "6700",
            "caller": "0x051e125c",
            "parentcaller": "0x051e09fb",
            "category": "crypto",
            "api": "CryptImportKey",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "KeyBlob",
                "value": "\\x08\\x02\\x00\\x00\\x01f\\x00\\x00\\x08\\x00\\x00\\x00r \\x18x\\x8c)H\\x97"
              },
              {
                "name": "Flags",
                "value": "0x00000001"
              },
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1434
          },
          {
            "timestamp": "2026-04-27 21:05:41,385",
            "thread_id": "6700",
            "caller": "0x051e1268",
            "parentcaller": "0x051e09fb",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c10000"
              }
            ],
            "repeated": 0,
            "id": 1435
          },
          {
            "timestamp": "2026-04-27 21:05:41,385",
            "thread_id": "6700",
            "caller": "0x051e1268",
            "parentcaller": "0x051e09fb",
            "category": "crypto",
            "api": "CryptAcquireContextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Container",
                "value": ""
              },
              {
                "name": "Provider",
                "value": ""
              },
              {
                "name": "Flags",
                "value": "0xf0000000"
              }
            ],
            "repeated": 0,
            "id": 1436
          },
          {
            "timestamp": "2026-04-27 21:05:41,385",
            "thread_id": "6700",
            "caller": "0x051e1268",
            "parentcaller": "0x051e09fb",
            "category": "crypto",
            "api": "CryptImportKey",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "KeyBlob",
                "value": "\\x08\\x02\\x00\\x00\\x01f\\x00\\x00\\x08\\x00\\x00\\x00r \\x18x\\x8c)H\\x97"
              },
              {
                "name": "Flags",
                "value": "0x00000001"
              },
              {
                "name": "CryptKey",
                "value": "0x00a83938"
              },
              {
                "name": "Length",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 1437
          },
          {
            "timestamp": "2026-04-27 21:05:41,385",
            "thread_id": "6700",
            "caller": "0x051e0a0e",
            "parentcaller": "0x051e079d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06582000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1438
          },
          {
            "timestamp": "2026-04-27 21:05:42,588",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0a34",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07800000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1439
          },
          {
            "timestamp": "2026-04-27 21:05:42,744",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0a34",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07810000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1440
          },
          {
            "timestamp": "2026-04-27 21:05:42,744",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0a34",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1441
          },
          {
            "timestamp": "2026-04-27 21:05:42,791",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0a34",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07930000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1442
          },
          {
            "timestamp": "2026-04-27 21:05:42,900",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0a34",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1443
          },
          {
            "timestamp": "2026-04-27 21:05:42,900",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0a34",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07930000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1444
          },
          {
            "timestamp": "2026-04-27 21:05:42,900",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0a34",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1445
          },
          {
            "timestamp": "2026-04-27 21:05:42,900",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0a34",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07810000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1446
          },
          {
            "timestamp": "2026-04-27 21:05:42,900",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0a34",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07800000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1447
          },
          {
            "timestamp": "2026-04-27 21:05:42,978",
            "thread_id": "6700",
            "caller": "0x051e1311",
            "parentcaller": "0x051e0a34",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ad0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00016000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1448
          },
          {
            "timestamp": "2026-04-27 21:05:43,244",
            "thread_id": "6700",
            "caller": "0x051e1311",
            "parentcaller": "0x051e0a34",
            "category": "crypto",
            "api": "CryptDecrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a83938"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "\\x01\\xfe\\xdd\\x01\\x00\\xed\\xbd\\x07`\\x1cI\\x96%&/m\\xca{\\x7fJ\\xf5J\\xd7\\xe0t\\xa1\\x08\\x80`\\x13$\\xd8\\x90@\\x10\\xec\\xc1\\x88\\xcd\\xe6\\x92\\xec\\x1diG#)\\xab*\\x81\\xcaeVe]f\\x16@\\xcc\\xed\\x9d\\xbc\\xf7\\xde{\\xef\\xbd\\xf7\\xde{\\xef\\xbd\\xf7\\xba;\\x9dN'\\xf7\\xdf\\xff?\\fd\\x01l\\xf6\\xceJ\\xda\\xc9\\x9e!\\x80\\xaa\\xc8\\x1f?~|\\x1f?\"~\\x8d_\\xe3\\xd7\\xf8\\xf5\\x7f=\\xfa\\xe77\\xfb\\x83\\xfe\\xb6\\x17\\xf7\\xfe\\xe5\\x7f\\xed_\\xfe\\xf6\\xaf\\xf5k\\xbc\\xf85~\\x8d/~\\xeaO\\xfa5~m\\xfa\\xf4\\xd7\\xa1\\xff\\xff\\xdf\\xff\\xf7\\xaf\\xf1k\\xfc]\\xbf\\x86<\\xbf\\xa7\\xfe\\xdc\\xf4\\xfcA\\xf4\\xff\\xdf\\xe4w\\xf9{~\\x93_\\xe3o\\xfb\\xb1\\x7f\\xfew\\xfd\\xbb~\\xcd\\xe7\\xff\\xfc\\xef\\xfaf^4\\xe9\\xaa\\xae.\\xeal\\x91N\\xb3\\xe5\\xb2j\\xd3I\\x9e\\xd6\\xebeZ,\\xd3\\xa7_\\xbeN\\x17\\xd5,\\x1f\\xff\\xc6\\xbfq\\xf2\\xbb)\\x8c\\x97\\xa7\\xbf\\xc6\\xaf\\xf1\\xfc\\xd7\\xfc\\xb5\\x7f\\x8d\\xbf\\xfe\\xde/zc\\xe0\\xfeG"
              },
              {
                "name": "Length",
                "value": "89912"
              },
              {
                "name": "Final",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1449
          },
          {
            "timestamp": "2026-04-27 21:05:43,244",
            "thread_id": "6700",
            "caller": "0x051e1311",
            "parentcaller": "0x051e0a34",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06594000"
              },
              {
                "name": "RegionSize",
                "value": "0x00016000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1450
          },
          {
            "timestamp": "2026-04-27 21:05:43,244",
            "thread_id": "6700",
            "caller": "0x051e1311",
            "parentcaller": "0x051e0a34",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00acf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00016000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1451
          },
          {
            "timestamp": "2026-04-27 21:05:43,244",
            "thread_id": "6700",
            "caller": "0x051e1311",
            "parentcaller": "0x051e0a34",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a83938"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "Y<&WU\\xc1\\x88\\x1e\\xa5\\xc1\\xe9\\xde&z\\xc6["
              },
              {
                "name": "Length",
                "value": "16"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1452
          },
          {
            "timestamp": "2026-04-27 21:05:43,291",
            "thread_id": "6700",
            "caller": "0x051e1469",
            "parentcaller": "0x051e0a34",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x065aa000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001e000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1453
          },
          {
            "timestamp": "2026-04-27 21:05:43,525",
            "thread_id": "6700",
            "caller": "0x051e148f",
            "parentcaller": "0x051e0a34",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05582000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1454
          },
          {
            "timestamp": "2026-04-27 21:05:43,557",
            "thread_id": "6700",
            "caller": "0x051e16f1",
            "parentcaller": "0x051e0a34",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x065c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1455
          },
          {
            "timestamp": "2026-04-27 21:05:43,557",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0ad6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00acf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00016000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1456
          },
          {
            "timestamp": "2026-04-27 21:05:43,557",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0adf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07800000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1457
          },
          {
            "timestamp": "2026-04-27 21:05:43,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0adf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07800000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1458
          },
          {
            "timestamp": "2026-04-27 21:05:43,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07810000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1459
          },
          {
            "timestamp": "2026-04-27 21:05:43,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07810000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1460
          },
          {
            "timestamp": "2026-04-27 21:05:43,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07810000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1461
          },
          {
            "timestamp": "2026-04-27 21:05:43,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07810000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1462
          },
          {
            "timestamp": "2026-04-27 21:05:43,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e22b5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07810000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1463
          },
          {
            "timestamp": "2026-04-27 21:05:43,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e22b5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07810000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1464
          },
          {
            "timestamp": "2026-04-27 21:05:44,057",
            "thread_id": "6700",
            "caller": "0x051e22d4",
            "parentcaller": "0x02910626",
            "category": "misc",
            "api": "HeapCreate",
            "status": true,
            "return": "0x079b0000",
            "arguments": [
              {
                "name": "Options",
                "value": "262144"
              },
              {
                "name": "InitialSize",
                "value": "0x00000000"
              },
              {
                "name": "MaximumSize",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1465
          },
          {
            "timestamp": "2026-04-27 21:05:44,057",
            "thread_id": "6700",
            "caller": "0x051e22d4",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x079b1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1466
          },
          {
            "timestamp": "2026-04-27 21:05:45,057",
            "thread_id": "6700",
            "caller": "0x051e22d4",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x079b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1467
          },
          {
            "timestamp": "2026-04-27 21:05:45,775",
            "thread_id": "6700",
            "caller": "0x051e22d4",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x079b3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1468
          },
          {
            "timestamp": "2026-04-27 21:05:45,791",
            "thread_id": "6700",
            "caller": "0x051e22d4",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x079b4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1469
          },
          {
            "timestamp": "2026-04-27 21:05:45,807",
            "thread_id": "6700",
            "caller": "0x051e22d4",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x079b6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1470
          },
          {
            "timestamp": "2026-04-27 21:05:45,807",
            "thread_id": "6700",
            "caller": "0x051e22d4",
            "parentcaller": "0x02910626",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              }
            ],
            "repeated": 0,
            "id": 1471
          },
          {
            "timestamp": "2026-04-27 21:05:45,807",
            "thread_id": "6700",
            "caller": "0x051e22d4",
            "parentcaller": "0x02910626",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000003f8"
              },
              {
                "name": "ValueName",
                "value": "ResourcePolicies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies"
              }
            ],
            "repeated": 0,
            "id": 1472
          },
          {
            "timestamp": "2026-04-27 21:05:45,807",
            "thread_id": "6700",
            "caller": "0x051e22d4",
            "parentcaller": "0x02910626",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 1473
          },
          {
            "timestamp": "2026-04-27 21:05:45,853",
            "thread_id": "6700",
            "caller": "0x051e22d4",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07810000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1474
          },
          {
            "timestamp": "2026-04-27 21:05:45,869",
            "thread_id": "6700",
            "caller": "0x051e22d4",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07810000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1475
          },
          {
            "timestamp": "2026-04-27 21:05:46,166",
            "thread_id": "6700",
            "caller": "0x051e22d4",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x079b8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1476
          },
          {
            "timestamp": "2026-04-27 21:05:46,166",
            "thread_id": "6700",
            "caller": "0x051e22d4",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x079ba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1477
          },
          {
            "timestamp": "2026-04-27 21:05:46,916",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2264",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1478
          },
          {
            "timestamp": "2026-04-27 21:05:46,916",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2264",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07930000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1479
          },
          {
            "timestamp": "2026-04-27 21:05:47,103",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2264",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07940000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1480
          },
          {
            "timestamp": "2026-04-27 21:05:47,103",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2264",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0413c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1481
          },
          {
            "timestamp": "2026-04-27 21:05:47,103",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2264",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1482
          },
          {
            "timestamp": "2026-04-27 21:05:47,103",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2264",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07930000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1483
          },
          {
            "timestamp": "2026-04-27 21:05:47,103",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2264",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07940000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1484
          },
          {
            "timestamp": "2026-04-27 21:05:47,103",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2490",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1485
          },
          {
            "timestamp": "2026-04-27 21:05:47,103",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2490",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1486
          },
          {
            "timestamp": "2026-04-27 21:05:47,275",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e260b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1487
          },
          {
            "timestamp": "2026-04-27 21:05:47,275",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e260b",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1488
          },
          {
            "timestamp": "2026-04-27 21:05:47,275",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2624",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1489
          },
          {
            "timestamp": "2026-04-27 21:05:47,291",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2624",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1490
          },
          {
            "timestamp": "2026-04-27 21:05:47,291",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2ca5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1491
          },
          {
            "timestamp": "2026-04-27 21:05:47,291",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2ca5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1492
          },
          {
            "timestamp": "2026-04-27 21:05:47,338",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1493
          },
          {
            "timestamp": "2026-04-27 21:05:47,338",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1494
          },
          {
            "timestamp": "2026-04-27 21:05:47,338",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2d9e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1495
          },
          {
            "timestamp": "2026-04-27 21:05:47,338",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2d9e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1496
          },
          {
            "timestamp": "2026-04-27 21:05:47,338",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2dd9",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1497
          },
          {
            "timestamp": "2026-04-27 21:05:47,338",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2dd9",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1498
          },
          {
            "timestamp": "2026-04-27 21:05:47,338",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2e2f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1499
          },
          {
            "timestamp": "2026-04-27 21:05:47,338",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2e2f",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1500
          },
          {
            "timestamp": "2026-04-27 21:05:47,338",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2f61",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1501
          },
          {
            "timestamp": "2026-04-27 21:05:47,353",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2f61",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051e3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1502
          },
          {
            "timestamp": "2026-04-27 21:05:47,353",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2f61",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1503
          },
          {
            "timestamp": "2026-04-27 21:05:47,353",
            "thread_id": "6700",
            "caller": "0x051e2f61",
            "parentcaller": "0x051e2e2f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05592000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1504
          },
          {
            "timestamp": "2026-04-27 21:05:47,353",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e26ef",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1505
          },
          {
            "timestamp": "2026-04-27 21:05:47,838",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e26ef",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07930000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1506
          },
          {
            "timestamp": "2026-04-27 21:05:47,838",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e26ef",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1507
          },
          {
            "timestamp": "2026-04-27 21:05:47,838",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e26ef",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07930000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1508
          },
          {
            "timestamp": "2026-04-27 21:05:47,838",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e30ba",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1509
          },
          {
            "timestamp": "2026-04-27 21:05:47,838",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e30ba",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1510
          },
          {
            "timestamp": "2026-04-27 21:05:48,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e3193",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1511
          },
          {
            "timestamp": "2026-04-27 21:05:48,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e3193",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1512
          },
          {
            "timestamp": "2026-04-27 21:05:48,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e352f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1513
          },
          {
            "timestamp": "2026-04-27 21:05:48,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e352f",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1514
          },
          {
            "timestamp": "2026-04-27 21:05:48,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e3539",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1515
          },
          {
            "timestamp": "2026-04-27 21:05:48,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e3539",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1516
          },
          {
            "timestamp": "2026-04-27 21:05:48,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e3544",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1517
          },
          {
            "timestamp": "2026-04-27 21:05:48,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e3544",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1518
          },
          {
            "timestamp": "2026-04-27 21:05:48,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e3639",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1519
          },
          {
            "timestamp": "2026-04-27 21:05:48,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e3639",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1520
          },
          {
            "timestamp": "2026-04-27 21:05:48,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e367b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1521
          },
          {
            "timestamp": "2026-04-27 21:05:48,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e367b",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1522
          },
          {
            "timestamp": "2026-04-27 21:05:48,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e36eb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1523
          },
          {
            "timestamp": "2026-04-27 21:05:48,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e36eb",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1524
          },
          {
            "timestamp": "2026-04-27 21:05:48,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e37bc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1525
          },
          {
            "timestamp": "2026-04-27 21:05:48,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e37bc",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1526
          },
          {
            "timestamp": "2026-04-27 21:05:48,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e387d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1527
          },
          {
            "timestamp": "2026-04-27 21:05:48,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e387d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1528
          },
          {
            "timestamp": "2026-04-27 21:05:48,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2836",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1529
          },
          {
            "timestamp": "2026-04-27 21:05:48,400",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2836",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1530
          },
          {
            "timestamp": "2026-04-27 21:05:48,400",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2886",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1531
          },
          {
            "timestamp": "2026-04-27 21:05:48,400",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2886",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1532
          },
          {
            "timestamp": "2026-04-27 21:05:48,400",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2954",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1533
          },
          {
            "timestamp": "2026-04-27 21:05:48,400",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2954",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1534
          },
          {
            "timestamp": "2026-04-27 21:05:48,400",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2b29",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1535
          },
          {
            "timestamp": "2026-04-27 21:05:48,400",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e2b29",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1536
          },
          {
            "timestamp": "2026-04-27 21:05:48,400",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0adf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0413d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1537
          },
          {
            "timestamp": "2026-04-27 21:05:48,400",
            "thread_id": "6700",
            "caller": "0x051e3c2f",
            "parentcaller": "0x051e0adf",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008003",
                "pretty_value": "MD5"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a83a78"
              }
            ],
            "repeated": 0,
            "id": 1538
          },
          {
            "timestamp": "2026-04-27 21:05:48,400",
            "thread_id": "6700",
            "caller": "0x051e3c38",
            "parentcaller": "0x051e0adf",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83a78"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00\\xad3qT\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x02!\\x0b\\x01\\x0b\\x00\\x00\\x1a\\x00\\x00\\x002\\x00\\x00\\x00\\x00\\x00\\x00\\xee8\\x00\\x00\\x00 \\x00\\x00\\x00@\\x00\\x00\\x00\\x00@\\x00\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00@\\x85\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9c8\\x00\\x00O\\x00\\x00\\x00\\x00@\\x00\\x00X/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08 \\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00.text\\x00\\x00\\x00\\xf4\\x18\\x00\\x00\\x00 \\x00\\x00\\x00\\x1a\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 
\\x00\\x00`.rsrc\\x00\\x00\\x00X/\\x00\\x00\\x00@\\x00\\x00\\x000\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00@.reloc\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x02\\x00\\x00\\x00L\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd08\\x00\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x02\\x00\\x05\\x00\\xd0!\\x00\\x00\\xcc\\x16\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x02(\\x01\\x00\\x00\n*\\x1e\\x02(\\x04\\x00\\x00\n*\\xa6s\\x06\\x00\\x00\n\\x80\\x01\\x00\\x00\\x04s\\x07\\x00\\x00\n\\x80\\x02\\x00\\x00\\x04s\\x08\\x00\\x00\n\\x80\\x03\\x00\\x00\\x04s\t\\x00\\x00\n\\x80\\x04\\x00\\x00\\x04*\\x00\\x00\\x130\\x01\\x00\\x0b\\x00\\x00\\x00\\x01\\x00\\x00\\x11~\\x01\\x00\\x00\\x04o\n\\x00\\x00\n*\\x00\\x130\\x01\\x00\\x0b\\x00\\x00\\x00\\x02\\x00\\x00\\x11~\\x02\\x00\\x00\\x04o\\x0b\\x00\\x00\n*\\x00\\x130\\x01\\x00\\x0b\\x00\\x00\\x00\\x03\\x00\\x00\\x11~\\x03\\x00\\x00\\x04o\\x0c\\x00\\x00\n*\\x00\\x130\\x01\\x00\\x0b\\x00\\x00\\x00\\x04\\x00\\x00\\x11~\\x04\\x00\\x00\\x04o\r\\x00\\x00\n*\\x00\\x130\\x02\\x00\r\\x00\\x00\\x00\\x05\\x00\\x00\\x11\\x02\\x03(\\x11\\x00\\x00\n(\\x12\\x00\\x00\n*\\x00\\x00\\x00\\x130\\x01\\x00\\x07\\x00\\x00\\x00\\x06\\x00\\x00\\x11\\x02(\\x13\\x00\\x00\n*\\x00\\x130\\x01\\x00\\x0b\\x00\\x00\\x00\\x07\\x00\\x00\\x11\\xd0\\x05\\x00\\x00\\x02(\\x14\\x00\\x00\n*\\x00\\x130\\x01\\x00\\x07\\x00\\x00\\x00\\x08\\x00\\x00\\x11\\x02(\\x15\\x00\\x00\n*\\x00\\x130\\x01\\x00\\x10\\x00\\x00\\x00\t\\x00\\x00\\x11\\x02\\x8c\\x01\\x00\\x00\\x1b-\\x06(\\x01\\x00\\x00+*\\x02*\\x130\\x02\\x00\\x10\\x00\\x00\\x00\n\\x00\\x00\\x11\\x0
3\\x12\\x00\\xfe\\x15\\x02\\x00\\x00\\x1b\\x06\\x81\\x02\\x00\\x00\\x1b*\\x1e\\x02(\\x17\\x00\\x00\n*\\x130\\x02\\x00(\\x00\\x00\\x00\\x0b\\x00\\x00\\x11\\x02{\\x19\\x00\\x00\no\\x1a\\x00\\x00\n\\x0b\\x07\\x8c\\x03\\x00\\x00\\x1b-\\x12(\\x02\\x00\\x00+\\x0b\\x02{\\x19\\x00\\x00\n\\x07o\\x1b\\x00\\x00\n\\x07*J\\x02(\\x17\\x00\\x00\n\\x02s\\x1c\\x00\\x00\n}\\x19\\x00\\x00\n*\\x00BSJB\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x0c\\x00\\x00\\x00v2.0.50727\\x00\\x00\\x00\\x00\\x05\\x00l\\x00\\x00\\x00l\t\\x00\\x00#~\\x00\\x00\\xd8\t\\x00\\x00\\xf4\t\\x00\\x00#Strings\\x00\\x00\\x00\\x00\\xcc\\x13\\x00\\x00\\x08\\x00\\x00\\x00#US\\x00\\xd4\\x13\\x00\\x00\\x10\\x00\\x00\\x00#GUID\\x00\\x00\\x00\\xe4\\x13\\x00\\x00\\xe8\\x02\\x00\\x00#Blob\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x01W\\x15\\xa2\t\t\\x0e\\x00\\x00\\x00\\xfa%3\\x00\\x16\\x00\\x00\\x01\\x00\\x00\\x00\"\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x05\\x00\\x00\\x008\\x00\\x00\\x00'\\x00\\x00\\x00(\\x00\\x00\\x000\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x04\\x00\\x00\\x00\t\\x00\\x00\\x00\t\\x00\\x00\\x00\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\xe1\t\\x01\\x00\\x00\\x00\\x00\\x00\n\\x00\\xb2\\x01\\x88\\x01\n\\x00\\xe6\\x01\\xc8\\x01\\x06\\x00\\xf6\\x01\\xef\\x01\n\\x00N\\x02\\x88\\x01\\x06\\x00\\xcc\\x02\\xef\\x01\n\\x00N\\x03$\\x03\\x06\\x00:\\x05\\xef\\x01\\x06\\x00\\xc5\\x05\\xaa\\x05\\x06\\x00\\x10\\x06\\xef\\x01\\x06\\x00<\\x06\\xef\\x01\\x06\\x00I\\x06\\xef\\x01\\x0e\\x00\\xbb\\x06\\xa5\\x06\\x0e\\x00\\xd4\\x06\\xa5\\x06\\x0e\\x00\\x01\\x07\\xe9\\x06\\x06\\x00+\\x07\\x18\\x07\n\\x00j\\x07C\\x07\n\\x00\\x82\\x07\\x13\\x00\\x0e\\x00\\xb7\\x07\\x9a\\x07\\x06\\x00\\xec\\x07\\xcc\\x07\\x06\\x00\n\\x08\\xef\\x01\\x06\\x00.\\x08\\xef\\x01\n\\x00G\\x08\\x13\\x00\\x06\\x00\\x95\\x08v\\x08\\x06\\x00\\xa9\\x08\\xef\\x01\\x06\\x00\\xbd\\x08\\xcc\\x07\\x06\\x00\\xdd\\x08\\xcc\\x07\\x06\\x00\r\t\\xfb\\x08\\x06\\x00*\tv\\x08\\x06\\x008\t
\\xfb\\x08\\x06\\x00S\t\\xfb\\x08\\x06\\x00n\t\\xfb\\x08\\x06\\x00\\x87\t\\xfb\\x08\\x06\\x00\\xa0\t\\xfb\\x08\\x06\\x00\\xbd\t\\xfb\\x08\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x00)\\x007\\x00\\x05\\x00\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x00C\\x007\\x00\t\\x00\\x01\\x00\\x02\\x00\\x00\\x01\\x10\\x00N\\x007\\x00\r\\x00\\x01\\x00\\x03\\x00\\x05\\x01\\x00\\x00X\\x00\\x00\\x00\r\\x00\\x05\\x00\\x08\\x00\\x05\\x01\\x00\\x00f\\x00\\x00\\x00\r\\x00\\x05\\x00\\x0f\\x00\\xa1\\x00\\x00\\x00\\x81\\x00\\x90\\x00\\x00\\x00\\x06\\x00\\x11\\x00\\xa1\\x00\\x00\\x00\\xa6\\x00\\x90\\x00\\x00\\x00\\x06\\x00\\x17\\x00\\xa1\\x00\\x00\\x00\\xb2\\x00\\x90\\x00\\x00\\x00\\x06\\x00\\x19\\x00\\xa1\\x00\\x00\\x00\\xbd\\x00\\xcd\\x00\\x00\\x00\\x06\\x00\\x1b\\x00\\xa1\\x00\\x00\\x00\\xe7\\x00\\xcd\\x00\\x00\\x00\\x06\\x00\\x1e\\x00\\xa1\\x00\\x00\\x00\\xfa\\x00\\xcd\\x00\\x00\\x00\\x06\\x00%\\x00\\xa1\\x00\\x00\\x00\\x08\\x01\\xcd\\x00\\x00\\x00\\x06\\x00&\\x00\\xa1\\x00\\x00\\x00\\x1b\\x01\\xcd\\x00\\x00\\x00\\x06\\x00(\\x00\\xa1\\x00\\x00\\x00*\\x01F\\x01\\x00\\x00\\x06\\x00-\\x00\\xa1\\x00\\x00\\x00O\\x01F\\x01\\x00\\x00\\x06\\x002\\x00\\x01\\x01\\x00\\x00s\\x01F\\x01%\\x00\\x06\\x005\\x001\\x00\\x11\\x02 \\x001\\x00:\\x02-\\x001\\x00\\\\x02:\\x001\\x00\\x81\\x02G\\x00!\\x00]\\x03\\x90\\x00P \\x00\\x00\\x00\\x00\\x06\\x18\\xc2\\x01\\x13\\x00\\x01\\x00X \\x00\\x00\\x00\\x00\\x06\\x18\\xc2\\x01\\x13\\x00\\x01\\x00` \\x00\\x00\\x00\\x00\\x11\\x18\\xfd\\x01\\x17\\x00\\x01\\x00\\x8c \\x00\\x00\\x00\\x00\\x13\\x08\\x04\\x02\\x1b\\x00\\x01\\x00\\xa4 \\x00\\x00\\x00\\x00\\x13\\x08*\\x02(\\x00\\x01\\x00\\xbc \\x00\\x00\\x00\\x00\\x13\\x08S\\x025\\x00\\x01\\x00\\xd4 \\x00\\x00\\x00\\x00\\x13\\x08q\\x02B\\x00\\x01\\x00\\xec 
\\x00\\x00\\x00\\x00F\\x02\\xb7\\x02c\\x00\\x01\\x00\\x08!\\x00\\x00\\x00\\x00F\\x02\\xc0\\x02h\\x00\\x02\\x00\\x1c!\\x00\\x00\\x00\\x00\\x83\\x00\\xd1\\x02l\\x00\\x02\\x004!\\x00\\x00\\x00\\x00F\\x02\\xd9\\x02q\\x00\\x02\\x00H!\\x00\\x00\\x00\\x00\\x11\\x00\\xe2\\x02x\\x00\\x02\\x00d!\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x03\\x80\\x00\\x03\\x00\\x80!\\x00\\x00\\x00\\x00\\x06\\x18\\xc2\\x01\\x13\\x00\\x04\\x00\\x88!\\x00\\x00\\x00\\x00\\x03\\x08\\x14\\x03\\x8b\\x00\\x04\\x00\\xbc!\\x00\\x00\\x00\\x00\\x06\\x18\\xc2\\x01\\x13\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00F\\x07s\\x03\\x9d\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00F\\x07\\x8e\\x03\\xa4\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00F\\x07\\x9a\\x03\\xa4\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00F\\x07\\xa5\\x03\\xa9\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00F\\x07\\xc6\\x03\\xae\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00F\\x07\\xe1\\x03\\x13\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00F\\x07\\xf3\\x03\\xa4\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00F\\x07\\x08\\x04\\xa4\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00F\\x07\\x1d\\x04\\x13\\x00\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00F\\x070\\x04\\x13\\x00\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00F\\x0fC\\x04\\xb4\\x00\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00F\\x0f"
              },
              {
                "name": "Length",
                "value": "19968"
              }
            ],
            "repeated": 0,
            "id": 1539
          },
          {
            "timestamp": "2026-04-27 21:05:48,400",
            "thread_id": "6700",
            "caller": "0x051e3c38",
            "parentcaller": "0x051e0adf",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83a78"
              }
            ],
            "repeated": 0,
            "id": 1540
          },
          {
            "timestamp": "2026-04-27 21:05:48,416",
            "thread_id": "6700",
            "caller": "0x051e3c38",
            "parentcaller": "0x051e0adf",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008003",
                "pretty_value": "MD5"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a83cb8"
              }
            ],
            "repeated": 0,
            "id": 1541
          },
          {
            "timestamp": "2026-04-27 21:05:48,416",
            "thread_id": "6700",
            "caller": "0x051e3d45",
            "parentcaller": "0x051e0adf",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008003",
                "pretty_value": "MD5"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a83b38"
              }
            ],
            "repeated": 0,
            "id": 1542
          },
          {
            "timestamp": "2026-04-27 21:05:48,416",
            "thread_id": "6700",
            "caller": "0x051e3d4e",
            "parentcaller": "0x051e0adf",
            "category": "crypto",
            "api": "CryptHashData",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83b38"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00\\xad'\\xe9T\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x0e!\\x0b\\x01\\x06\\x00\\x00T\\x01\\x00\\x00\\x84\\x01\\x00\\x00\\x00\\x00\\x00\\xf2s\\x01\\x00\\x00 \\x00\\x00\\x00\\x80\\x01\\x00\\x00\\x00@\\x00\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x04\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x98s\\x01\\x00W\\x00\\x00\\x00\\x00\\xa0\\x01\\x00\\x88/\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x01\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08 \\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00.text\\x00\\x00\\x00\\xf8S\\x01\\x00\\x00 \\x00\\x00\\x00T\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 
\\x00\\x00`.reloc\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x80\\x01\\x00\\x00\\x02\\x00\\x00\\x00V\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00B.rsrc\\x00\\x00\\x00\\x88/\\x00\\x00\\x00\\xa0\\x01\\x00\\x000\\x00\\x00\\x00X\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd4s\\x01\\x00\\x00\\x00\\x00\\x00H\\x00\\x00\\x00\\x02\\x00\\x05\\x00\\xb4\\xeb\\x00\\x00\\xe4\\x87\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00Dc\\x00\\x00p\\x88\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x030\n\\x00\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x1b\\x1a-\\x07&(\"\\x00\\x00\n*&+\\xf7\\x00\\x030\t\\x007\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02(#\\x00\\x00\n\\x03\\x1e-\\x18&\\x04\\x16,\\x1a&\\x05\\x1b-\\x1c&\\x0e\\x04\\x80I\\x00\\x00\\x04(\\xbc\\x00\\x00\\x06*\\x80F\\x00\\x00\\x04+\\xe2\\x80G\\x00\\x00\\x04+\\xe0\\x80H\\x00\\x00\\x04+\\xde\\x00\\x06*\\x00\\x00\\x030\t\\x00#\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03,\\x0c(7\\x00\\x00\\x06(8\\x00\\x00\\x06+\\x13\\x16\\x15-\\x08&(\\xbd\\x00\\x00\\x06+\\x07\\x80O\\x00\\x00\\x04+\\xf2*\\x00\\x06*\\x00\\x00\\x06*\\x00\\x00\\x130\\x04\\x00]\\x00\\x00\\x00\\x01\\x00\\x00\\x11\\x04\\x1d\\x15-$&\\x16\\x9ay0\\x00\\x00\\x02q0\\x00\\x00\\x02E\\x04\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x17\\x00\\x00\\x00'\\x00\\x00\\x00/\\x00\\x00\\x00+\\x03&+\\xda+.\\x04\\x16\\x18-\\x08&(\\x84\\x00\\x00\\x06+!&+\\xf6\\x04\\x16\\x1a-\\x08&(1\\x00\\x00\\x06+\\x11&+\\xf6\\x04(\\xb7\\x00\\x00\\x06+\\x06\\x04(\\x8e\\x00\\x00\\x06*\\x00\\x00\\x00\\x06*\\x00\\x00\\x06*\\x00\\x00\\x030\n\\x00\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x1c\\x1d-\\x07&(\\xbe\\x00\\x00\\x06*&+\\xf7\\x00\\x130\\x03\\x00F\\x00\\x00\\x00\\x02\\x00\\x00\\x11~\\x01\\x00\\x00\\x04\\x14
($\\x00\\x00\n,3 \\xf0?y\\xa0(\"\\x00\\x00\\x06\\xd0\\x04\\x00\\x00\\x02(%\\x00\\x00\no&\\x00\\x00\ns'\\x00\\x00\n\\x1b-\\x08&\\x07\\x1b-\\x06&+\n\\x0b+\\xf6\\x80\\x01\\x00\\x00\\x04+\\x00~\\x01\\x00\\x00\\x04*\\x00\\x00\\x130\\x01\\x00\\x06\\x00\\x00\\x00\\x03\\x00\\x00\\x11~\\x02\\x00\\x00\\x04*\\x00\\x00\\x030\t\\x00\r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x16,\\x02&*\\x80\\x02\\x00\\x00\\x04+\\xf8\\x00\\x00\\x00\\x130\\x04\\x00,\\x00\\x00\\x00\\x04\\x00\\x00\\x11(\\x0b\\x00\\x00\\x06 E>y\\xa0(\"\\x00\\x00\\x06~\\x02\\x00\\x00\\x04o(\\x00\\x00\n()\\x00\\x00\n\\x1d-\\x08&\\x07t\\x01\\x00\\x00\\x1b*\\x0b+\\xf6\\x130\\x04\\x00,\\x00\\x00\\x00\\x05\\x00\\x00\\x11(\\x0b\\x00\\x00\\x06 \\x80?y\\xa0(\"\\x00\\x00\\x06~\\x02\\x00\\x00\\x04o(\\x00\\x00\n()\\x00\\x00\n\\x15-\\x08&\\x06t\\x01\\x00\\x00\\x1b*\n+\\xf6\\x130\\x05\\x00\\xb7\\x00\\x00\\x00\\x06\\x00\\x00\\x11\\x02(#\\x00\\x00\n\\x02\\x18\\x8d\\x1f\\x00\\x00\\x01\\x15-G&&\\x02 \\x00\\x01\\x00\\x00\\x8d\\x1e\\x00\\x00\\x01\\x1a->&&\\x02\\xd0;\\x00\\x00\\x02(%\\x00\\x00\n(*\\x00\\x00\n\\x1e-0&&\\x02\\xd0:\\x00\\x00\\x02(%\\x00\\x00\n(*\\x00\\x00\n}\t\\x00\\x00\\x04s+\\x00\\x00\n\n\\x1fp\\x0b+\\x15}\\x06\\x00\\x00\\x04+\\xb4}\\x07\\x00\\x00\\x04+\\xbd}\\x08\\x00\\x00\\x04+\\xcb\\x06\\x07o,\\x00\\x00\n\\x07\\x17\\xd6\\x0b\\x07 
\\x87\\x00\\x00\\x001\\xed\\x06\\x1c\\x8d\\x8a\\x00\\x00\\x01\\x0c\\x08\\x16\\x1f\r\\x9e\\x08\\x17\\x1e\\x9e\\x08\\x18\\x1f.\\x9e\\x08\\x19\\x1f-\\x9e\\x08\\x1a\\x1f\t\\x9e\\x08\\x1b\\x1f\\x1b\\x9e\\x08o-\\x00\\x00\n\\x02\\x06o.\\x00\\x00\n}\\x0e\\x00\\x00\\x04*\\x00\\x130\\x03\\x00\\x0f\\x00\\x00\\x00\\x07\\x00\\x00\\x11\\x02\\x15\\x1b-\\x07&{\\x03\\x00\\x00\\x04*&+\\xf7\\x00\\x030\t\\x00\\x1a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x03\\x16,\\x07&&\\x03-\\x0f+\\x07}\\x03\\x00\\x00\\x04+\\xf4\\x02o\\x19\\x00\\x00\\x06*\\x00\\x00\\x130\\x03\\x00\\x0f\\x00\\x00\\x00\\x07\\x00\\x00\\x11\\x02\\x1a\\x1e-\\x07&{\\x04\\x00\\x00\\x04*&+\\xf7\\x00\\x030\t\\x00\\x0f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x03\\x18-\\x03&&*}\\x04\\x00\\x00\\x04+\\xf8\\x00\\x030\\x04\\x00\\x7f\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02{\\x0f\\x00\\x00\\x04,\\x01*\\x02\\x17\\x1b-\\&&\\x02o\\x17\\x00\\x00\\x06\\x02s@\\x00\\x00\\x06\\x19-R&&\\x02{\\x05\\x00\\x00\\x04\\x02%\\xfe\\x07\\x1b\\x00\\x00\\x06sI\\x00\\x00\\x06\\x18-A&&\\x02{\\x05\\x00\\x00\\x04\\x02%\\xfe\\x07\\x1c\\x00\\x00\\x06sE\\x00\\x00\\x06}$\\x00\\x00\\x04\\x02{\\x05\\x00\\x00\\x04oA\\x00\\x00\\x06&\\x02{\\x05\\x00\\x00\\x04oB\\x00\\x00\\x06&*}\\x0f\\x00\\x00\\x04+\\x9f}\\x05\\x00\\x00\\x04+\\xa9}#\\x00\\x00\\x04+\\xba\\x00\\x030\t\\x007\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02{\\x0f\\x00\\x00\\x04-\\x01*\\x02\\x16\\x1c-\\x1b&&\\x02{\\x05\\x00\\x00\\x04oD\\x00\\x00\\x06\\x02\\x14\\x1d-\\x10&&\\x02o\\x19\\x00\\x00\\x06*}\\x0f\\x00\\x00\\x04+\\xe0}\\x05\\x00\\x00\\x04+\\xeb\\x00\\x130\\x05\\x00\\x94\\x00\\x00\\x00\\x08\\x00\\x00\\x11\\x02(/\\x00\\x00\n\\x19-c&\\x12\\x00#\\x00\\x00\\x00\\x00\\x00\\x00\\xf0\\xbf(0\\x00\\x00\n\\x19-R&&\\x02~1\\x00\\x00\n\\x15-N&&\\x02~P\\x00\\x00\\x04 \\xf3<y\\xa0(\"\\x00\\x00\\x06(2\\x00\\x00\n(3\\x00\\x00\n(4\\x00\\x00\n 
\\xfd<y\\xa0(\"\\x00\\x00\\x06(5\\x00\\x00\n(6\\x00\\x00\n}\\x0c\\x00\\x00\\x04\\x02o\\x13\\x00\\x00\\x06,)+\\x11\n+\\x9b}\n\\x00\\x00\\x04+\\xa9}\r\\x00\\x00\\x04+\\xad\\x16\\x02{\n\\x00\\x00\\x04(\\xad\\x00\\x00\\x06\\x8c?\\x00\\x00\\x01(\\xb9\\x00\\x00\\x06*\\x030\t\\x002\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02o\\x11\\x00\\x00\\x06,)\\x02{\\x0b\\x00\\x00\\x04-!\\x02\\x02{\\x0c\\x00\\x00\\x04\\x18\\x18s7\\x00\\x00\ns8\\x00\\x00\n\\x1b-\\x04&&+\\x07}\\x0b\\x00\\x00\\x04+\\x00*\\x00\\x00\\x030\t\\x00*\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02{\\x0b\\x00\\x00\\x04,!\\x02{\\x0b\\x00\\x00\\x04o9\\x00\\x00\n\\x02\\x14\\x18-\n&&\\x02o\\x17\\x00\\x00\\x06+\\x07}\\x0b\\x00\\x00\\x04+\\xf1*\\x00\\x00\\x130\\x04\\x00\\xed\\x01\\x00\\x00\t\\x00\\x00\\x11\\x02o\\x18\\x00\\x00\\x06(/\\x00\\x00\n\\x02{\n\\x00\\x00\\x04(:\\x00\\x00\n\\x18-\\x15&\\x12\\x01(;\\x00\\x00\n#\\x00\\x00\\x00\\x00\\x00\\x00\\xf0?60+\\x03\\x0b+\\xe9\\x02(/\\x00\\x00\n\\x15-\\x1b&&\\x02\\x16\\x02{\n\\x00\\x00\\x04(\\xad\\x00\\x00\\x06\\x8c?\\x00\\x00\\x01o\\x1a\\x00\\x00\\x06+\\x07}\n\\x00\\x00\\x04+\\xe0"
              },
              {
                "name": "Length",
                "value": "100352"
              }
            ],
            "repeated": 0,
            "id": 1543
          },
          {
            "timestamp": "2026-04-27 21:05:48,416",
            "thread_id": "6700",
            "caller": "0x051e3d4e",
            "parentcaller": "0x051e0adf",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83b38"
              }
            ],
            "repeated": 0,
            "id": 1544
          },
          {
            "timestamp": "2026-04-27 21:05:48,416",
            "thread_id": "6700",
            "caller": "0x051e3d4e",
            "parentcaller": "0x051e0adf",
            "category": "crypto",
            "api": "CryptCreateHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Algid",
                "value": "0x00008003",
                "pretty_value": "MD5"
              },
              {
                "name": "CryptKey",
                "value": "0x00000000"
              },
              {
                "name": "Hash object",
                "value": "0x00a838b8"
              }
            ],
            "repeated": 0,
            "id": 1545
          },
          {
            "timestamp": "2026-04-27 21:05:48,541",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e3daa",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1546
          },
          {
            "timestamp": "2026-04-27 21:05:48,853",
            "thread_id": "6700",
            "caller": "0x051e07d6",
            "parentcaller": "0x051e0674",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "ReleaseMutex"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad3050"
              }
            ],
            "repeated": 0,
            "id": 1547
          },
          {
            "timestamp": "2026-04-27 21:05:48,853",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e07d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateMutex"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1548
          },
          {
            "timestamp": "2026-04-27 21:05:48,853",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e07d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateMutexW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad2fa0"
              }
            ],
            "repeated": 0,
            "id": 1549
          },
          {
            "timestamp": "2026-04-27 21:05:49,010",
            "thread_id": "6700",
            "caller": "0x077f0174",
            "parentcaller": "0x051e07d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CloseHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad2ee0"
              }
            ],
            "repeated": 0,
            "id": 1550
          },
          {
            "timestamp": "2026-04-27 21:05:49,010",
            "thread_id": "6700",
            "caller": "0x077f019f",
            "parentcaller": "0x051e07d6",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              },
              {
                "name": "MutexName",
                "value": "Global\\{b99f832a-30b2-4929-80df-5af09cffdbc2}"
              },
              {
                "name": "InitialOwner",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1551
          },
          {
            "timestamp": "2026-04-27 21:05:49,182",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e468d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegOpenKeyEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1552
          },
          {
            "timestamp": "2026-04-27 21:05:49,182",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e468d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegOpenKeyExA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebec10"
              }
            ],
            "repeated": 0,
            "id": 1553
          },
          {
            "timestamp": "2026-04-27 21:05:49,182",
            "thread_id": "6700",
            "caller": "0x077f0355",
            "parentcaller": "0x051e468d",
            "category": "registry",
            "api": "RegOpenKeyExA",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Cryptography"
              },
              {
                "name": "Handle",
                "value": "0x000003b8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography"
              }
            ],
            "repeated": 0,
            "id": 1554
          },
          {
            "timestamp": "2026-04-27 21:05:49,182",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e46b8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1555
          },
          {
            "timestamp": "2026-04-27 21:05:49,182",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e46b8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueExA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebea50"
              }
            ],
            "repeated": 0,
            "id": 1556
          },
          {
            "timestamp": "2026-04-27 21:05:49,182",
            "thread_id": "6700",
            "caller": "0x077f0460",
            "parentcaller": "0x051e46b8",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              },
              {
                "name": "ValueName",
                "value": "MachineGuid"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid"
              }
            ],
            "repeated": 0,
            "id": 1557
          },
          {
            "timestamp": "2026-04-27 21:05:49,182",
            "thread_id": "6700",
            "caller": "0x077f0460",
            "parentcaller": "0x051e470f",
            "category": "registry",
            "api": "RegQueryValueExA",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              },
              {
                "name": "ValueName",
                "value": "MachineGuid"
              },
              {
                "name": "Data",
                "value": "f3037635-6191-4c44-bd96-905f1b4feafd"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid"
              }
            ],
            "repeated": 0,
            "id": 1558
          },
          {
            "timestamp": "2026-04-27 21:05:49,182",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e471d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegCloseKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebeb20"
              }
            ],
            "repeated": 0,
            "id": 1559
          },
          {
            "timestamp": "2026-04-27 21:05:49,182",
            "thread_id": "6700",
            "caller": "0x0290a3a6",
            "parentcaller": "0x051e471d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 1560
          },
          {
            "timestamp": "2026-04-27 21:05:49,338",
            "thread_id": "6700",
            "caller": "0x0290aab3",
            "parentcaller": "0x051e47ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
              },
              {
                "name": "Handle",
                "value": "0x000003fc"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
              }
            ],
            "repeated": 0,
            "id": 1561
          },
          {
            "timestamp": "2026-04-27 21:05:49,338",
            "thread_id": "6700",
            "caller": "0x0290abb6",
            "parentcaller": "0x051e4808",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              },
              {
                "name": "ValueName",
                "value": "EnableLUA"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA"
              }
            ],
            "repeated": 0,
            "id": 1562
          },
          {
            "timestamp": "2026-04-27 21:05:49,338",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e4808",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1563
          },
          {
            "timestamp": "2026-04-27 21:05:49,338",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e4808",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebe8e0"
              }
            ],
            "repeated": 0,
            "id": 1564
          },
          {
            "timestamp": "2026-04-27 21:05:49,338",
            "thread_id": "6700",
            "caller": "0x077f055e",
            "parentcaller": "0x051e4808",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              },
              {
                "name": "ValueName",
                "value": "EnableLUA"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA"
              }
            ],
            "repeated": 0,
            "id": 1565
          },
          {
            "timestamp": "2026-04-27 21:05:49,588",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e4810",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1566
          },
          {
            "timestamp": "2026-04-27 21:05:49,588",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e4810",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1567
          },
          {
            "timestamp": "2026-04-27 21:05:49,588",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e449c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad2e80"
              }
            ],
            "repeated": 0,
            "id": 1568
          },
          {
            "timestamp": "2026-04-27 21:05:49,728",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e4d3e",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\shfolder"
              },
              {
                "name": "DllBase",
                "value": "0x71650000"
              }
            ],
            "repeated": 0,
            "id": 1569
          },
          {
            "timestamp": "2026-04-27 21:05:49,744",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e4d3e",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shfolder.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x71650000"
              }
            ],
            "repeated": 0,
            "id": 1570
          },
          {
            "timestamp": "2026-04-27 21:05:49,744",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e4d3e",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x71650000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shfolder.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1571
          },
          {
            "timestamp": "2026-04-27 21:05:49,744",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e4d3e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "shfolder.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71650000"
              },
              {
                "name": "FunctionName",
                "value": "SHGetFolderPath"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1572
          },
          {
            "timestamp": "2026-04-27 21:05:49,744",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e4d3e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "shfolder.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71650000"
              },
              {
                "name": "FunctionName",
                "value": "SHGetFolderPathW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x71651cb0"
              }
            ],
            "repeated": 0,
            "id": 1573
          },
          {
            "timestamp": "2026-04-27 21:05:49,744",
            "thread_id": "6700",
            "caller": "0x077f0650",
            "parentcaller": "0x051e4d3e",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1574
          },
          {
            "timestamp": "2026-04-27 21:05:49,744",
            "thread_id": "6700",
            "caller": "0x077f0650",
            "parentcaller": "0x051e4d3e",
            "category": "filesystem",
            "api": "SHGetFolderPathW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Folder",
                "value": "0x0000001a",
                "pretty_value": "CSIDL_APPDATA"
              },
              {
                "name": "Path",
                "value": "C:\\Users\\cape\\AppData\\Roaming"
              }
            ],
            "repeated": 0,
            "id": 1575
          },
          {
            "timestamp": "2026-04-27 21:05:49,744",
            "thread_id": "6700",
            "caller": "0x051e4d87",
            "parentcaller": "0x051e44bc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "SetErrorMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad0610"
              }
            ],
            "repeated": 0,
            "id": 1576
          },
          {
            "timestamp": "2026-04-27 21:05:49,744",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e4d87",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileAttributesEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1577
          },
          {
            "timestamp": "2026-04-27 21:05:49,744",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e4d87",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileAttributesExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad3330"
              }
            ],
            "repeated": 0,
            "id": 1578
          },
          {
            "timestamp": "2026-04-27 21:05:49,760",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e4d87",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD"
              }
            ],
            "repeated": 0,
            "id": 1579
          },
          {
            "timestamp": "2026-04-27 21:05:49,760",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e4d87",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming"
              }
            ],
            "repeated": 0,
            "id": 1580
          },
          {
            "timestamp": "2026-04-27 21:05:49,760",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e4d87",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              }
            ],
            "repeated": 0,
            "id": 1581
          },
          {
            "timestamp": "2026-04-27 21:05:49,760",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e4d87",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              }
            ],
            "repeated": 0,
            "id": 1582
          },
          {
            "timestamp": "2026-04-27 21:05:49,760",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e4d87",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users"
              }
            ],
            "repeated": 0,
            "id": 1583
          },
          {
            "timestamp": "2026-04-27 21:05:49,760",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e4d87",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateDirectory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1584
          },
          {
            "timestamp": "2026-04-27 21:05:49,760",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e4d87",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateDirectoryW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad3110"
              }
            ],
            "repeated": 0,
            "id": 1585
          },
          {
            "timestamp": "2026-04-27 21:05:50,041",
            "thread_id": "6700",
            "caller": "0x077f07a1",
            "parentcaller": "0x051e4d87",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD"
              }
            ],
            "repeated": 0,
            "id": 1586
          },
          {
            "timestamp": "2026-04-27 21:05:50,041",
            "thread_id": "6700",
            "caller": "0x051e4e73",
            "parentcaller": "0x051e451c",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1587
          },
          {
            "timestamp": "2026-04-27 21:05:50,041",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e4e9d",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\run.dat"
              }
            ],
            "repeated": 0,
            "id": 1588
          },
          {
            "timestamp": "2026-04-27 21:05:50,057",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e4ed9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1589
          },
          {
            "timestamp": "2026-04-27 21:05:50,057",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e4ed9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateFileW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad3140"
              }
            ],
            "repeated": 0,
            "id": 1590
          },
          {
            "timestamp": "2026-04-27 21:05:50,057",
            "thread_id": "6700",
            "caller": "0x077f089b",
            "parentcaller": "0x051e4ed9",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x40100080",
                "pretty_value": "GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\run.dat"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1591
          },
          {
            "timestamp": "2026-04-27 21:05:50,072",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e4ed9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileType"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad3390"
              }
            ],
            "repeated": 0,
            "id": 1592
          },
          {
            "timestamp": "2026-04-27 21:05:50,072",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e4ed9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "WriteFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad35b0"
              }
            ],
            "repeated": 0,
            "id": 1593
          },
          {
            "timestamp": "2026-04-27 21:05:50,072",
            "thread_id": "6700",
            "caller": "0x077f0a53",
            "parentcaller": "0x051e4ed9",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\run.dat"
              },
              {
                "name": "Buffer",
                "value": "\\x1e\\xac\\xa3\\xc2\\xa0\\xa4\\xdeH"
              },
              {
                "name": "Length",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 1594
          },
          {
            "timestamp": "2026-04-27 21:05:50,072",
            "thread_id": "6700",
            "caller": "0x077f0266",
            "parentcaller": "0x051e4ed9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 1595
          },
          {
            "timestamp": "2026-04-27 21:05:50,103",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051e5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1596
          },
          {
            "timestamp": "2026-04-27 21:05:50,103",
            "thread_id": "6700",
            "caller": "0x077f0650",
            "parentcaller": "0x051e552f",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1597
          },
          {
            "timestamp": "2026-04-27 21:05:50,103",
            "thread_id": "6700",
            "caller": "0x077f0650",
            "parentcaller": "0x051e552f",
            "category": "filesystem",
            "api": "SHGetFolderPathW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Folder",
                "value": "0x00000026",
                "pretty_value": "CSIDL_PROGRAM_FILES"
              },
              {
                "name": "Path",
                "value": "C:\\Program Files (x86)"
              }
            ],
            "repeated": 0,
            "id": 1598
          },
          {
            "timestamp": "2026-04-27 21:05:50,103",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e07ee",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07801000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1599
          },
          {
            "timestamp": "2026-04-27 21:05:50,510",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e55c5",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\Exceptions\\1.2.2.0"
              }
            ],
            "repeated": 0,
            "id": 1600
          },
          {
            "timestamp": "2026-04-27 21:05:50,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e07f4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04072000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1601
          },
          {
            "timestamp": "2026-04-27 21:05:50,525",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e07f4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0407c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1602
          },
          {
            "timestamp": "2026-04-27 21:05:50,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e5694",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1603
          },
          {
            "timestamp": "2026-04-27 21:05:50,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e5694",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1604
          },
          {
            "timestamp": "2026-04-27 21:05:50,572",
            "thread_id": "6700",
            "caller": "0x051e5735",
            "parentcaller": "0x051e07f4",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 1,
            "id": 1605
          },
          {
            "timestamp": "2026-04-27 21:05:50,572",
            "thread_id": "6700",
            "caller": "0x051e5735",
            "parentcaller": "0x051e07f4",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Control Panel\\International"
              },
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Control Panel\\International"
              }
            ],
            "repeated": 0,
            "id": 1606
          },
          {
            "timestamp": "2026-04-27 21:05:50,572",
            "thread_id": "6700",
            "caller": "0x051e5735",
            "parentcaller": "0x051e07f4",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "ValueName",
                "value": "sYearMonth"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Control Panel\\International\\sYearMonth"
              }
            ],
            "repeated": 0,
            "id": 1607
          },
          {
            "timestamp": "2026-04-27 21:05:50,572",
            "thread_id": "6700",
            "caller": "0x051e5735",
            "parentcaller": "0x051e07f4",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              }
            ],
            "repeated": 0,
            "id": 1608
          },
          {
            "timestamp": "2026-04-27 21:05:50,572",
            "thread_id": "6700",
            "caller": "0x051e5735",
            "parentcaller": "0x051e07f4",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000419",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 1609
          },
          {
            "timestamp": "2026-04-27 21:05:50,572",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e5ac0",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\WAN Manager"
              }
            ],
            "repeated": 0,
            "id": 1610
          },
          {
            "timestamp": "2026-04-27 21:05:50,572",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e5ac0",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)"
              }
            ],
            "repeated": 0,
            "id": 1611
          },
          {
            "timestamp": "2026-04-27 21:05:50,572",
            "thread_id": "6700",
            "caller": "0x077f07a1",
            "parentcaller": "0x051e5ac0",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Program Files (x86)\\WAN Manager"
              }
            ],
            "repeated": 0,
            "id": 1612
          },
          {
            "timestamp": "2026-04-27 21:05:50,588",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e5acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0292d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1613
          },
          {
            "timestamp": "2026-04-27 21:05:50,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e5acc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0413e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1614
          },
          {
            "timestamp": "2026-04-27 21:05:50,682",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e5b97",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\WAN Manager\\wanmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 1615
          },
          {
            "timestamp": "2026-04-27 21:05:50,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e5adb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "DeleteFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1616
          },
          {
            "timestamp": "2026-04-27 21:05:50,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e5adb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "DeleteFileW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad3170"
              }
            ],
            "repeated": 0,
            "id": 1617
          },
          {
            "timestamp": "2026-04-27 21:05:50,682",
            "thread_id": "6700",
            "caller": "0x0290bf0e",
            "parentcaller": "0x051e5adb",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Program Files (x86)\\WAN Manager\\wanmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 1618
          },
          {
            "timestamp": "2026-04-27 21:05:50,728",
            "thread_id": "6700",
            "caller": "0x051e5ae0",
            "parentcaller": "0x051e5a1e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x055a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1619
          },
          {
            "timestamp": "2026-04-27 21:05:50,728",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e5aef",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CopyFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1620
          },
          {
            "timestamp": "2026-04-27 21:05:50,728",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e5aef",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CopyFileW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad37e0"
              }
            ],
            "repeated": 0,
            "id": 1621
          },
          {
            "timestamp": "2026-04-27 21:05:50,838",
            "thread_id": "6700",
            "caller": "0x077f0b20",
            "parentcaller": "0x051e5aef",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ntmarta"
              },
              {
                "name": "DllBase",
                "value": "0x71620000"
              }
            ],
            "repeated": 0,
            "id": 1622
          },
          {
            "timestamp": "2026-04-27 21:05:50,838",
            "thread_id": "6700",
            "caller": "0x077f0b20",
            "parentcaller": "0x051e5aef",
            "category": "filesystem",
            "api": "CopyFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ExistingFileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
              },
              {
                "name": "NewFileName",
                "value": "C:\\Program Files (x86)\\WAN Manager\\wanmgr.exe"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1623
          },
          {
            "timestamp": "2026-04-27 21:05:50,838",
            "thread_id": "6700",
            "caller": "0x0290aab3",
            "parentcaller": "0x051e5b04",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Run"
              },
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
              }
            ],
            "repeated": 0,
            "id": 1624
          },
          {
            "timestamp": "2026-04-27 21:05:50,838",
            "thread_id": "6700",
            "caller": "0x0290abb6",
            "parentcaller": "0x051e5a1e",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "ValueName",
                "value": "WAN Manager"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\WAN Manager"
              }
            ],
            "repeated": 0,
            "id": 1625
          },
          {
            "timestamp": "2026-04-27 21:05:50,947",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e5a1e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegSetValueEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1626
          },
          {
            "timestamp": "2026-04-27 21:05:50,947",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e5a1e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegSetValueExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebebf0"
              }
            ],
            "repeated": 0,
            "id": 1627
          },
          {
            "timestamp": "2026-04-27 21:05:50,947",
            "thread_id": "6700",
            "caller": "0x077f0c12",
            "parentcaller": "0x051e5a1e",
            "category": "registry",
            "api": "RegSetValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "ValueName",
                "value": "WAN Manager"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Buffer",
                "value": "C:\\Program Files (x86)\\WAN Manager\\wanmgr.exe"
              },
              {
                "name": "BufferLength",
                "value": "92"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\WAN Manager"
              }
            ],
            "repeated": 0,
            "id": 1628
          },
          {
            "timestamp": "2026-04-27 21:05:50,947",
            "thread_id": "6700",
            "caller": "0x0290aab3",
            "parentcaller": "0x051e5d01",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Run"
              },
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
              }
            ],
            "repeated": 0,
            "id": 1629
          },
          {
            "timestamp": "2026-04-27 21:05:50,947",
            "thread_id": "6700",
            "caller": "0x0290abb6",
            "parentcaller": "0x051e5d18",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              },
              {
                "name": "ValueName",
                "value": "WAN Manager"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\WAN Manager"
              }
            ],
            "repeated": 0,
            "id": 1630
          },
          {
            "timestamp": "2026-04-27 21:05:50,994",
            "thread_id": "6700",
            "caller": "0x029023e7",
            "parentcaller": "0x051e5d77",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1631
          },
          {
            "timestamp": "2026-04-27 21:05:50,994",
            "thread_id": "6700",
            "caller": "0x029023e7",
            "parentcaller": "0x051e5d77",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1632
          },
          {
            "timestamp": "2026-04-27 21:05:50,994",
            "thread_id": "6700",
            "caller": "0x029023e7",
            "parentcaller": "0x051e5d77",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00P\\x00\\x00\\x00\\x00\\x00\\x00`O\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1633
          },
          {
            "timestamp": "2026-04-27 21:05:50,994",
            "thread_id": "6700",
            "caller": "0x029023e7",
            "parentcaller": "0x051e5d77",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000043c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000438"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp"
              }
            ],
            "repeated": 0,
            "id": 1634
          },
          {
            "timestamp": "2026-04-27 21:05:51,010",
            "thread_id": "6700",
            "caller": "0x029023e7",
            "parentcaller": "0x051e5d77",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000043c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07920000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007dd3e8"
              },
              {
                "name": "ViewSize",
                "value": "0x00005000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1635
          },
          {
            "timestamp": "2026-04-27 21:05:51,010",
            "thread_id": "6700",
            "caller": "0x029023e7",
            "parentcaller": "0x051e5d77",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 1636
          },
          {
            "timestamp": "2026-04-27 21:05:51,041",
            "thread_id": "6700",
            "caller": "0x051e5d77",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000440"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1637
          },
          {
            "timestamp": "2026-04-27 21:05:51,041",
            "thread_id": "6700",
            "caller": "0x051e5d77",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000440"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x04\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1638
          },
          {
            "timestamp": "2026-04-27 21:05:51,041",
            "thread_id": "6700",
            "caller": "0x051e5d77",
            "parentcaller": "0x051e5b21",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000444"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000440"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp"
              }
            ],
            "repeated": 0,
            "id": 1639
          },
          {
            "timestamp": "2026-04-27 21:05:51,041",
            "thread_id": "6700",
            "caller": "0x051e5d77",
            "parentcaller": "0x051e5b21",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000444"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07930000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007ddfec"
              },
              {
                "name": "ViewSize",
                "value": "0x00041000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1640
          },
          {
            "timestamp": "2026-04-27 21:05:51,041",
            "thread_id": "6700",
            "caller": "0x051e5d77",
            "parentcaller": "0x051e5b21",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1641
          },
          {
            "timestamp": "2026-04-27 21:05:51,135",
            "thread_id": "6700",
            "caller": "0x0290bf0e",
            "parentcaller": "0x051e5d86",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\WAN Manager\\wanmgr.exe"
              }
            ],
            "repeated": 0,
            "id": 1642
          },
          {
            "timestamp": "2026-04-27 21:05:51,228",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x055b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1643
          },
          {
            "timestamp": "2026-04-27 21:05:51,228",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\en-us.nlp"
              }
            ],
            "repeated": 0,
            "id": 1644
          },
          {
            "timestamp": "2026-04-27 21:05:51,228",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e5d86",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe.config"
              }
            ],
            "repeated": 0,
            "id": 1645
          },
          {
            "timestamp": "2026-04-27 21:05:51,228",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003b4"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.mscorlib.resources_ru-RU_b77a5c561934e089"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.mscorlib.resources_ru-RU_b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 1646
          },
          {
            "timestamp": "2026-04-27 21:05:51,228",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "NI\\5e8c75c\\de7da15"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\5e8c75c\\de7da15"
              }
            ],
            "repeated": 0,
            "id": 1647
          },
          {
            "timestamp": "2026-04-27 21:05:51,228",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib.resources\\2.0.0.0_ru-RU_b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 1648
          },
          {
            "timestamp": "2026-04-27 21:05:51,228",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru-RU_b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 1649
          },
          {
            "timestamp": "2026-04-27 21:05:51,228",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC\\mscorlib.resources\\2.0.0.0_ru-RU_b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 1650
          },
          {
            "timestamp": "2026-04-27 21:05:51,228",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/"
              }
            ],
            "repeated": 0,
            "id": 1651
          },
          {
            "timestamp": "2026-04-27 21:05:51,228",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ru-RU/mscorlib.resources.DLL"
              }
            ],
            "repeated": 0,
            "id": 1652
          },
          {
            "timestamp": "2026-04-27 21:05:51,244",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ru-RU/mscorlib.resources/mscorlib.resources.DLL"
              }
            ],
            "repeated": 0,
            "id": 1653
          },
          {
            "timestamp": "2026-04-27 21:05:51,244",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/"
              }
            ],
            "repeated": 0,
            "id": 1654
          },
          {
            "timestamp": "2026-04-27 21:05:51,244",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ru-RU/mscorlib.resources.EXE"
              }
            ],
            "repeated": 0,
            "id": 1655
          },
          {
            "timestamp": "2026-04-27 21:05:51,244",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ru-RU/mscorlib.resources/mscorlib.resources.EXE"
              }
            ],
            "repeated": 0,
            "id": 1656
          },
          {
            "timestamp": "2026-04-27 21:05:51,244",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ad3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00033000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 1657
          },
          {
            "timestamp": "2026-04-27 21:05:51,244",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00ad3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00033000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1658
          },
          {
            "timestamp": "2026-04-27 21:05:51,244",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\mscorlib.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 1659
          },
          {
            "timestamp": "2026-04-27 21:05:51,244",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\mscorlib.resources\\mscorlib.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 1660
          },
          {
            "timestamp": "2026-04-27 21:05:51,244",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\mscorlib.resources.exe"
              }
            ],
            "repeated": 0,
            "id": 1661
          },
          {
            "timestamp": "2026-04-27 21:05:51,244",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\mscorlib.resources\\mscorlib.resources.exe"
              }
            ],
            "repeated": 0,
            "id": 1662
          },
          {
            "timestamp": "2026-04-27 21:05:51,307",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000044c"
              }
            ],
            "repeated": 0,
            "id": 1663
          },
          {
            "timestamp": "2026-04-27 21:05:51,307",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": " \\xd1}\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xa5C~s\\xe0&\\xad\\x00\\xa8H~s\\xf9\\x00&5\\x00\\x00\\x00\\x00\\xf8\\xe4\\xa6\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x02\\x00\\x00\\x000\\xd2}\\x00\\x00\\x0f\\xd3s"
              }
            ],
            "repeated": 0,
            "id": 1664
          },
          {
            "timestamp": "2026-04-27 21:05:51,307",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000044c"
              }
            ],
            "repeated": 0,
            "id": 1665
          },
          {
            "timestamp": "2026-04-27 21:05:51,307",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3749840076-4109591986-3192690632-1000\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|sex1.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3749840076-4109591986-3192690632-1000\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|sex1.exe"
              }
            ],
            "repeated": 0,
            "id": 1666
          },
          {
            "timestamp": "2026-04-27 21:05:51,307",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|sex1.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|sex1.exe"
              }
            ],
            "repeated": 0,
            "id": 1667
          },
          {
            "timestamp": "2026-04-27 21:05:51,307",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|sex1.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|sex1.exe"
              }
            ],
            "repeated": 0,
            "id": 1668
          },
          {
            "timestamp": "2026-04-27 21:05:51,307",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3749840076-4109591986-3192690632-1000\\Installer\\Assemblies\\Global"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3749840076-4109591986-3192690632-1000\\Installer\\Assemblies\\Global"
              }
            ],
            "repeated": 0,
            "id": 1669
          },
          {
            "timestamp": "2026-04-27 21:05:51,307",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Installer\\Assemblies\\Global"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Assemblies\\Global"
              }
            ],
            "repeated": 0,
            "id": 1670
          },
          {
            "timestamp": "2026-04-27 21:05:51,307",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\Installer\\Assemblies\\Global"
              },
              {
                "name": "Handle",
                "value": "0x00000450"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global"
              }
            ],
            "repeated": 0,
            "id": 1671
          },
          {
            "timestamp": "2026-04-27 21:05:51,307",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": "policy.1.0.cli_uretypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"9.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\policy.1.0.cli_uretypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"9.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 1672
          },
          {
            "timestamp": "2026-04-27 21:05:51,307",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "ValueName",
                "value": "cli_cppuhelper,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.23.0\",culture=\"neutral\",processorArchitecture=\"x86\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\cli_cppuhelper,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.23.0\",culture=\"neutral\",processorArchitecture=\"x86\""
              }
            ],
            "repeated": 0,
            "id": 1673
          },
          {
            "timestamp": "2026-04-27 21:05:51,307",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "ValueName",
                "value": "policy.1.0.cli_basetypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"20.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\policy.1.0.cli_basetypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"20.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 1674
          },
          {
            "timestamp": "2026-04-27 21:05:51,307",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "ValueName",
                "value": "cli_basetypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.20.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\cli_basetypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.20.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 1675
          },
          {
            "timestamp": "2026-04-27 21:05:51,322",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "ValueName",
                "value": "cli_oootypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.9.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\cli_oootypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.9.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 1676
          },
          {
            "timestamp": "2026-04-27 21:05:51,322",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "ValueName",
                "value": "policy.1.0.cli_cppuhelper,publicKeyToken=\"ce2cb7e279207b9e\",version=\"23.0.0.0\",culture=\"neutral\",processorArchitecture=\"x86\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\policy.1.0.cli_cppuhelper,publicKeyToken=\"ce2cb7e279207b9e\",version=\"23.0.0.0\",culture=\"neutral\",processorArchitecture=\"x86\""
              }
            ],
            "repeated": 0,
            "id": 1677
          },
          {
            "timestamp": "2026-04-27 21:05:51,322",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "ValueName",
                "value": "policy.1.0.cli_oootypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"9.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\policy.1.0.cli_oootypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"9.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 1678
          },
          {
            "timestamp": "2026-04-27 21:05:51,322",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "ValueName",
                "value": "cli_uretypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.9.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\cli_uretypes,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.9.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 1679
          },
          {
            "timestamp": "2026-04-27 21:05:51,322",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "ValueName",
                "value": "policy.1.0.cli_ure,publicKeyToken=\"ce2cb7e279207b9e\",version=\"23.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\policy.1.0.cli_ure,publicKeyToken=\"ce2cb7e279207b9e\",version=\"23.0.0.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 1680
          },
          {
            "timestamp": "2026-04-27 21:05:51,322",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "ValueName",
                "value": "cli_ure,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.23.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\cli_ure,publicKeyToken=\"ce2cb7e279207b9e\",version=\"1.0.23.0\",culture=\"neutral\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 1681
          },
          {
            "timestamp": "2026-04-27 21:05:51,322",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "0",
                "pretty_value": "REG_NONE"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\"
              }
            ],
            "repeated": 0,
            "id": 1682
          },
          {
            "timestamp": "2026-04-27 21:05:51,322",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000450"
              }
            ],
            "repeated": 0,
            "id": 1683
          },
          {
            "timestamp": "2026-04-27 21:05:51,322",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "LoadLibraryShim_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1684
          },
          {
            "timestamp": "2026-04-27 21:05:51,322",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "LoadLibraryShim"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73e3f970"
              }
            ],
            "repeated": 0,
            "id": 1685
          },
          {
            "timestamp": "2026-04-27 21:05:51,463",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "6700"
              },
              {
                "name": "Module",
                "value": "KERNEL32.dll"
              },
              {
                "name": "Return Address",
                "value": "0x76ad24ac"
              }
            ],
            "repeated": 0,
            "id": 1686
          },
          {
            "timestamp": "2026-04-27 21:05:51,463",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\culture"
              },
              {
                "name": "DllBase",
                "value": "0x71610000"
              }
            ],
            "repeated": 0,
            "id": 1687
          },
          {
            "timestamp": "2026-04-27 21:05:51,463",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Culture.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x71610000"
              }
            ],
            "repeated": 0,
            "id": 1688
          },
          {
            "timestamp": "2026-04-27 21:05:51,463",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x71610000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\culture.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 1689
          },
          {
            "timestamp": "2026-04-27 21:05:51,463",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "culture.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71610000"
              },
              {
                "name": "FunctionName",
                "value": "ConvertLangIdToCultureName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x71613332"
              }
            ],
            "repeated": 0,
            "id": 1690
          },
          {
            "timestamp": "2026-04-27 21:05:51,463",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\culture"
              },
              {
                "name": "DllBase",
                "value": "0x71610000"
              }
            ],
            "repeated": 0,
            "id": 1691
          },
          {
            "timestamp": "2026-04-27 21:05:51,463",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1692
          },
          {
            "timestamp": "2026-04-27 21:05:51,463",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1693
          },
          {
            "timestamp": "2026-04-27 21:05:51,463",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71610000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1694
          },
          {
            "timestamp": "2026-04-27 21:05:51,463",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07980000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1695
          },
          {
            "timestamp": "2026-04-27 21:05:51,463",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000458"
              }
            ],
            "repeated": 0,
            "id": 1696
          },
          {
            "timestamp": "2026-04-27 21:05:51,463",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\ru-RU\\mscorrc.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1697
          },
          {
            "timestamp": "2026-04-27 21:05:51,557",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x079c0001",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\ru\\mscorrc.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1698
          },
          {
            "timestamp": "2026-04-27 21:05:51,650",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\ru.nlp"
              }
            ],
            "repeated": 0,
            "id": 1699
          },
          {
            "timestamp": "2026-04-27 21:05:51,650",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003b4"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.mscorlib.resources_ru_b77a5c561934e089"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.mscorlib.resources_ru_b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 1700
          },
          {
            "timestamp": "2026-04-27 21:05:51,650",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "NI\\5e8c75c\\2f231edf"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\5e8c75c\\2f231edf"
              }
            ],
            "repeated": 0,
            "id": 1701
          },
          {
            "timestamp": "2026-04-27 21:05:51,650",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 1702
          },
          {
            "timestamp": "2026-04-27 21:05:51,650",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 1703
          },
          {
            "timestamp": "2026-04-27 21:05:51,650",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 1704
          },
          {
            "timestamp": "2026-04-27 21:05:51,650",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1705
          },
          {
            "timestamp": "2026-04-27 21:05:51,650",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1706
          },
          {
            "timestamp": "2026-04-27 21:05:51,775",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000450"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.Resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 1707
          },
          {
            "timestamp": "2026-04-27 21:05:51,775",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000450"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a20000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007dcc78"
              },
              {
                "name": "ViewSize",
                "value": "0x00064000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1708
          },
          {
            "timestamp": "2026-04-27 21:05:51,775",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000450"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a90000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007dcc78"
              },
              {
                "name": "ViewSize",
                "value": "0x00064000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1709
          },
          {
            "timestamp": "2026-04-27 21:05:51,775",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1710
          },
          {
            "timestamp": "2026-04-27 21:05:51,791",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1711
          },
          {
            "timestamp": "2026-04-27 21:05:51,791",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.INI"
              }
            ],
            "repeated": 0,
            "id": 1712
          },
          {
            "timestamp": "2026-04-27 21:05:51,791",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04071000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1713
          },
          {
            "timestamp": "2026-04-27 21:05:51,791",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000460"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1714
          },
          {
            "timestamp": "2026-04-27 21:05:51,791",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000458"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.Resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1715
          },
          {
            "timestamp": "2026-04-27 21:05:51,791",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000460"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.Resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1716
          },
          {
            "timestamp": "2026-04-27 21:05:51,791",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000002"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x07a20000"
              }
            ],
            "repeated": 0,
            "id": 1717
          },
          {
            "timestamp": "2026-04-27 21:05:51,791",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x07a20000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000009"
              }
            ],
            "repeated": 0,
            "id": 1718
          },
          {
            "timestamp": "2026-04-27 21:05:51,791",
            "thread_id": "6700",
            "caller": "0x051e5d86",
            "parentcaller": "0x051e5b21",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 1719
          },
          {
            "timestamp": "2026-04-27 21:05:51,994",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e5d93",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07980000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1720
          },
          {
            "timestamp": "2026-04-27 21:05:51,994",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e5d93",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07980000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1721
          },
          {
            "timestamp": "2026-04-27 21:05:51,994",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e5d93",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07980000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1722
          },
          {
            "timestamp": "2026-04-27 21:05:51,994",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e5d93",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07980000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1723
          },
          {
            "timestamp": "2026-04-27 21:05:52,260",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051e6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1724
          },
          {
            "timestamp": "2026-04-27 21:05:52,385",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1725
          },
          {
            "timestamp": "2026-04-27 21:05:52,385",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1726
          },
          {
            "timestamp": "2026-04-27 21:05:52,713",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000046a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1727
          },
          {
            "timestamp": "2026-04-27 21:05:52,713",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1728
          },
          {
            "timestamp": "2026-04-27 21:05:52,713",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\SysWOW64\\mscoree.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1729
          },
          {
            "timestamp": "2026-04-27 21:05:52,713",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046a"
              }
            ],
            "repeated": 0,
            "id": 1730
          },
          {
            "timestamp": "2026-04-27 21:05:52,713",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\mscoree.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74160000"
              }
            ],
            "repeated": 0,
            "id": 1731
          },
          {
            "timestamp": "2026-04-27 21:05:52,713",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x74160000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\SysWOW64\\mscoree.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 1732
          },
          {
            "timestamp": "2026-04-27 21:05:52,713",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74160000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7416e450"
              }
            ],
            "repeated": 0,
            "id": 1733
          },
          {
            "timestamp": "2026-04-27 21:05:52,713",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1734
          },
          {
            "timestamp": "2026-04-27 21:05:52,713",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73e41640"
              }
            ],
            "repeated": 0,
            "id": 1735
          },
          {
            "timestamp": "2026-04-27 21:05:52,713",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1736
          },
          {
            "timestamp": "2026-04-27 21:05:52,713",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 1737
          },
          {
            "timestamp": "2026-04-27 21:05:52,713",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\Server"
              },
              {
                "name": "Handle",
                "value": "0x0000046a"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\Server"
              }
            ],
            "repeated": 0,
            "id": 1738
          },
          {
            "timestamp": "2026-04-27 21:05:52,713",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\Server\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1739
          },
          {
            "timestamp": "2026-04-27 21:05:52,713",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "diasymreader.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\Server\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1740
          },
          {
            "timestamp": "2026-04-27 21:05:52,713",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046a"
              }
            ],
            "repeated": 0,
            "id": 1741
          },
          {
            "timestamp": "2026-04-27 21:05:52,728",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000460"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 1742
          },
          {
            "timestamp": "2026-04-27 21:05:52,728",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000460"
              },
              {
                "name": "ValueName",
                "value": "AlwaysReadHKCRForCLSIDs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\AlwaysReadHKCRForCLSIDs"
              }
            ],
            "repeated": 0,
            "id": 1743
          },
          {
            "timestamp": "2026-04-27 21:05:52,728",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 1744
          },
          {
            "timestamp": "2026-04-27 21:05:52,744",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1745
          },
          {
            "timestamp": "2026-04-27 21:05:52,744",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenThreadToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebe8c0"
              }
            ],
            "repeated": 0,
            "id": 1746
          },
          {
            "timestamp": "2026-04-27 21:05:52,744",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1747
          },
          {
            "timestamp": "2026-04-27 21:05:52,744",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 1748
          },
          {
            "timestamp": "2026-04-27 21:05:52,744",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1749
          },
          {
            "timestamp": "2026-04-27 21:05:52,744",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80@\\xab\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1750
          },
          {
            "timestamp": "2026-04-27 21:05:52,744",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1751
          },
          {
            "timestamp": "2026-04-27 21:05:52,744",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "GetSidSubAuthorityCount"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebf190"
              }
            ],
            "repeated": 0,
            "id": 1752
          },
          {
            "timestamp": "2026-04-27 21:05:52,744",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1753
          },
          {
            "timestamp": "2026-04-27 21:05:52,744",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1754
          },
          {
            "timestamp": "2026-04-27 21:05:52,744",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "GetSidSubAuthority"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebf030"
              }
            ],
            "repeated": 0,
            "id": 1755
          },
          {
            "timestamp": "2026-04-27 21:05:52,744",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73e95000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1756
          },
          {
            "timestamp": "2026-04-27 21:05:52,744",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 1757
          },
          {
            "timestamp": "2026-04-27 21:05:52,744",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\Server"
              },
              {
                "name": "Handle",
                "value": "0x00000460"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\Server"
              }
            ],
            "repeated": 0,
            "id": 1758
          },
          {
            "timestamp": "2026-04-27 21:05:52,744",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000460"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\Server\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1759
          },
          {
            "timestamp": "2026-04-27 21:05:52,744",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000460"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "diasymreader.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\Server\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1760
          },
          {
            "timestamp": "2026-04-27 21:05:52,744",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 1761
          },
          {
            "timestamp": "2026-04-27 21:05:52,994",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "6700"
              },
              {
                "name": "Module",
                "value": "KERNEL32.dll"
              },
              {
                "name": "Return Address",
                "value": "0x76ad24ac"
              }
            ],
            "repeated": 0,
            "id": 1762
          },
          {
            "timestamp": "2026-04-27 21:05:53,041",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\diasymreader"
              },
              {
                "name": "DllBase",
                "value": "0x71590000"
              }
            ],
            "repeated": 0,
            "id": 1763
          },
          {
            "timestamp": "2026-04-27 21:05:53,166",
            "thread_id": "6700",
            "caller": "0x715ba64e",
            "parentcaller": "0x73741742",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1764
          },
          {
            "timestamp": "2026-04-27 21:05:53,166",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05213000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1765
          },
          {
            "timestamp": "2026-04-27 21:05:53,166",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05215000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1766
          },
          {
            "timestamp": "2026-04-27 21:05:53,166",
            "thread_id": "6700",
            "caller": "0x77e7138f",
            "parentcaller": "0x77e7110a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000460"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              }
            ],
            "repeated": 0,
            "id": 1767
          },
          {
            "timestamp": "2026-04-27 21:05:53,166",
            "thread_id": "6700",
            "caller": "0x77e713ac",
            "parentcaller": "0x77e7110a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000460"
              },
              {
                "name": "ValueName",
                "value": "ResourcePolicies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies"
              }
            ],
            "repeated": 0,
            "id": 1768
          },
          {
            "timestamp": "2026-04-27 21:05:53,166",
            "thread_id": "6700",
            "caller": "0x77e713c2",
            "parentcaller": "0x77e7110a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 1769
          },
          {
            "timestamp": "2026-04-27 21:05:53,166",
            "thread_id": "6700",
            "caller": "0x77e6f04b",
            "parentcaller": "0x77e6ef40",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07990000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1770
          },
          {
            "timestamp": "2026-04-27 21:05:53,166",
            "thread_id": "6700",
            "caller": "0x77e6f092",
            "parentcaller": "0x77e6ef40",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07990000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1771
          },
          {
            "timestamp": "2026-04-27 21:05:53,166",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\diasymreader.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x71590000"
              }
            ],
            "repeated": 0,
            "id": 1772
          },
          {
            "timestamp": "2026-04-27 21:05:53,166",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x71590000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\diasymreader.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 1773
          },
          {
            "timestamp": "2026-04-27 21:05:53,166",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "diasymreader.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71590000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObjectInternal"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x715a21e1"
              }
            ],
            "repeated": 0,
            "id": 1774
          },
          {
            "timestamp": "2026-04-27 21:05:53,166",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1775
          },
          {
            "timestamp": "2026-04-27 21:05:53,166",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 1776
          },
          {
            "timestamp": "2026-04-27 21:05:53,275",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05217000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1777
          },
          {
            "timestamp": "2026-04-27 21:05:53,307",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000045c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1778
          },
          {
            "timestamp": "2026-04-27 21:05:53,307",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000045c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1779
          },
          {
            "timestamp": "2026-04-27 21:05:53,307",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05218000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1780
          },
          {
            "timestamp": "2026-04-27 21:05:53,369",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000045c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00VbGb\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x0e!\\x0b\\x01\\x08\\x00\\x00 =\\x00\\x00`\\x08\\x00\\x00\\x00\\x00\\x00n6=\\x00\\x00 \\x00\\x00\\x00@=\\x00\\x00\\x00\\x0cy\\x00 \\x00\\x00\\x00\\x10\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0E\\x00\\x00\\x10\\x00\\x00(\\xdcE\\x00\\x03\\x00@\\x04\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 1781
          },
          {
            "timestamp": "2026-04-27 21:05:53,369",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000045c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1782
          },
          {
            "timestamp": "2026-04-27 21:05:53,369",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000045c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll"
              },
              {
                "name": "Buffer",
                "value": "PE\\x00\\x00L\\x01\\x03\\x00VbGb\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x0e!\\x0b\\x01\\x08\\x00\\x00 =\\x00\\x00`\\x08\\x00\\x00\\x00\\x00\\x00n6=\\x00\\x00 \\x00\\x00\\x00@=\\x00\\x00\\x00\\x0cy\\x00 \\x00\\x00\\x00\\x10\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0E\\x00\\x00\\x10\\x00\\x00(\\xdcE\\x00\\x03\\x00@\\x04\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1c6=\\x00O\\x00\\x00\\x00\\x00@=\\x00tK\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0E\\x00\\x0c\\x00\\x00\\x00\\xb85=\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08 \\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00.text\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 1783
          },
          {
            "timestamp": "2026-04-27 21:05:53,369",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000045c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "x\\x01\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1784
          },
          {
            "timestamp": "2026-04-27 21:05:53,369",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000045c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll"
              },
              {
                "name": "Buffer",
                "value": ".text\\x00\\x00\\x00t\\x16=\\x00\\x00 \\x00\\x00\\x00 =\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x00\\x00`.rsrc\\x00\\x00\\x00tK\\x08\\x00\\x00@=\\x00\\x00P\\x08\\x00\\x000=\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00@.reloc\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\xa0E\\x00\\x00\\x10\\x00\\x00\\x00\\x80E\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00B\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 1785
          },
          {
            "timestamp": "2026-04-27 21:05:53,385",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000045c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb8%=\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1786
          },
          {
            "timestamp": "2026-04-27 21:05:53,510",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000045c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x00VbGb\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00%\\x00\\x00\\x00\\xd45=\\x00\\xd4%=\\x00RSDSy\\x05\\x08\\x99\\xd7\\xa0\\xc5@\\x97\\xfd&7\\xdf\\xe0\\xee\\x95\\x01\\x00\\x00\\x00mscorlib.pdb\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00D6=\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00^6=\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P6=\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00_CorDllMain\\x00mscoree.dll\\x00\\x00\\x00\\x00\\x00\\xff%\\x00 \\x0cy\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 1787
          },
          {
            "timestamp": "2026-04-27 21:05:53,588",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000045c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xd4%=\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1788
          },
          {
            "timestamp": "2026-04-27 21:05:53,588",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000045c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll"
              },
              {
                "name": "Buffer",
                "value": "RSDSy\\x05\\x08\\x99\\xd7\\xa0\\xc5@\\x97\\xfd&7\\xdf\\xe0\\xee\\x95\\x01\\x00\\x00\\x00mscorlib.pdb\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00D6=\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00^6=\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00P6=\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00_CorDllMain\\x00mscoree.dll\\x00\\x00\\x00\\x00\\x00\\xff%\\x00 \\x0cy\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 1789
          },
          {
            "timestamp": "2026-04-27 21:05:53,588",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.pdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1790
          },
          {
            "timestamp": "2026-04-27 21:05:53,682",
            "thread_id": "6700",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0521a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1791
          },
          {
            "timestamp": "2026-04-27 21:05:53,682",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\symbols\\dll\\mscorlib.pdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1792
          },
          {
            "timestamp": "2026-04-27 21:05:53,682",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\dll\\mscorlib.pdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1793
          },
          {
            "timestamp": "2026-04-27 21:05:53,682",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\mscorlib.pdb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1794
          },
          {
            "timestamp": "2026-04-27 21:05:53,682",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              }
            ],
            "repeated": 0,
            "id": 1795
          },
          {
            "timestamp": "2026-04-27 21:05:53,682",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000045e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 1796
          },
          {
            "timestamp": "2026-04-27 21:05:53,697",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1797
          },
          {
            "timestamp": "2026-04-27 21:05:53,697",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\SysWOW64\\mscoree.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\InprocServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1798
          },
          {
            "timestamp": "2026-04-27 21:05:53,697",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045e"
              }
            ],
            "repeated": 0,
            "id": 1799
          },
          {
            "timestamp": "2026-04-27 21:05:53,697",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\mscoree.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74160000"
              }
            ],
            "repeated": 0,
            "id": 1800
          },
          {
            "timestamp": "2026-04-27 21:05:53,697",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x74160000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\SysWOW64\\mscoree.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 1801
          },
          {
            "timestamp": "2026-04-27 21:05:53,697",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74160000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7416e450"
              }
            ],
            "repeated": 0,
            "id": 1802
          },
          {
            "timestamp": "2026-04-27 21:05:53,697",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 1803
          },
          {
            "timestamp": "2026-04-27 21:05:53,697",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 1804
          },
          {
            "timestamp": "2026-04-27 21:05:53,697",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.PDB"
              }
            ],
            "repeated": 0,
            "id": 1805
          },
          {
            "timestamp": "2026-04-27 21:05:53,760",
            "thread_id": "6700",
            "caller": "0x77261999",
            "parentcaller": "0x772616ce",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000460"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1806
          },
          {
            "timestamp": "2026-04-27 21:05:53,760",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000460"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1807
          },
          {
            "timestamp": "2026-04-27 21:05:53,760",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000460"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\\x00\\x0e\\x1f\\xba\\x0e\\x00\\xb4\t\\xcd!\\xb8\\x01L\\xcd!This program cannot be run in DOS mode.\r\r\n$\\x00\\x00\\x00\\x00\\x00\\x00\\x00PE\\x00\\x00L\\x01\\x03\\x00\\xa1'\\xe9T\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x0e\\x01\\x0b\\x01\\x06\\x00\\x00\\xc8\\x01\\x00\\x00b\\x01\\x00\\x00\\x00\\x00\\x00\\x92\\xe7\\x01\\x00\\x00 \\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00@\\x00\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x03\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 1808
          },
          {
            "timestamp": "2026-04-27 21:05:53,760",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000460"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1809
          },
          {
            "timestamp": "2026-04-27 21:05:53,760",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000460"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
              },
              {
                "name": "Buffer",
                "value": "PE\\x00\\x00L\\x01\\x03\\x00\\xa1'\\xe9T\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xe0\\x00\\x0e\\x01\\x0b\\x01\\x06\\x00\\x00\\xc8\\x01\\x00\\x00b\\x01\\x00\\x00\\x00\\x00\\x00\\x92\\xe7\\x01\\x00\\x00 \\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00@\\x00\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x03\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x008\\xe7\\x01\\x00W\\x00\\x00\\x00\\x00 \\x02\\x00\\xa8_\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08 \\x00\\x00H\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00.text\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 1810
          },
          {
            "timestamp": "2026-04-27 21:05:53,775",
            "thread_id": "6700",
            "caller": "0x051e6260",
            "parentcaller": "0x051e5daa",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000460"
              }
            ],
            "repeated": 0,
            "id": 1811
          },
          {
            "timestamp": "2026-04-27 21:05:54,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e6597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetTempPath"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1812
          },
          {
            "timestamp": "2026-04-27 21:05:54,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e6597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetTempPathW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad3420"
              }
            ],
            "repeated": 0,
            "id": 1813
          },
          {
            "timestamp": "2026-04-27 21:05:54,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e6597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetTempFileName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1814
          },
          {
            "timestamp": "2026-04-27 21:05:54,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e6597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetTempFileNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad3400"
              }
            ],
            "repeated": 0,
            "id": 1815
          },
          {
            "timestamp": "2026-04-27 21:05:54,510",
            "thread_id": "6700",
            "caller": "0x077f0d1c",
            "parentcaller": "0x051e6597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp"
              }
            ],
            "repeated": 0,
            "id": 1816
          },
          {
            "timestamp": "2026-04-27 21:05:54,510",
            "thread_id": "6700",
            "caller": "0x077f0d1c",
            "parentcaller": "0x051e6597",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000045c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp"
              },
              {
                "name": "CreateDisposition",
                "value": "2",
                "pretty_value": "FILE_CREATE"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1817
          },
          {
            "timestamp": "2026-04-27 21:05:54,510",
            "thread_id": "6700",
            "caller": "0x077f0d1c",
            "parentcaller": "0x051e6597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              }
            ],
            "repeated": 0,
            "id": 1818
          },
          {
            "timestamp": "2026-04-27 21:05:54,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029023e7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02903000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1819
          },
          {
            "timestamp": "2026-04-27 21:05:54,525",
            "thread_id": "6700",
            "caller": "0x077f089b",
            "parentcaller": "0x051e65f5",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000045c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x40100080",
                "pretty_value": "GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1820
          },
          {
            "timestamp": "2026-04-27 21:05:54,541",
            "thread_id": "6700",
            "caller": "0x077f0a53",
            "parentcaller": "0x051e65f5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000045c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp"
              },
              {
                "name": "Buffer",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo />\r\n  <Triggers />\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <LogonType>InteractiveToken</LogonType>\r"
              },
              {
                "name": "Length",
                "value": "1304"
              }
            ],
            "repeated": 0,
            "id": 1821
          },
          {
            "timestamp": "2026-04-27 21:05:54,541",
            "thread_id": "6700",
            "caller": "0x077f0266",
            "parentcaller": "0x051e65f5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000045c"
              }
            ],
            "repeated": 0,
            "id": 1822
          },
          {
            "timestamp": "2026-04-27 21:05:55,353",
            "thread_id": "6700",
            "caller": "0x051e6612",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CloseHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad2ee0"
              }
            ],
            "repeated": 0,
            "id": 1823
          },
          {
            "timestamp": "2026-04-27 21:05:55,353",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e6612",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentDirectory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1824
          },
          {
            "timestamp": "2026-04-27 21:05:55,353",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e6612",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentDirectoryW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ac8ae0"
              }
            ],
            "repeated": 0,
            "id": 1825
          },
          {
            "timestamp": "2026-04-27 21:05:55,353",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e6612",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateProcess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1826
          },
          {
            "timestamp": "2026-04-27 21:05:55,353",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e6612",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateProcessW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ac88e0"
              }
            ],
            "repeated": 0,
            "id": 1827
          },
          {
            "timestamp": "2026-04-27 21:05:55,635",
            "thread_id": "6700",
            "caller": "0x077f0e07",
            "parentcaller": "0x051e6612",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000470"
              },
              {
                "name": "ThreadHandle",
                "value": "0x0000046c"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\SYSTEM32\\schtasks.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"schtasks.exe\" /create /f /tn \"WAN Manager\" /xml \"C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp\""
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "3884"
              }
            ],
            "repeated": 0,
            "id": 1828
          },
          {
            "timestamp": "2026-04-27 21:05:55,775",
            "thread_id": "6700",
            "caller": "0x077f0e07",
            "parentcaller": "0x051e6612",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x77e40000"
              }
            ],
            "repeated": 0,
            "id": 1829
          },
          {
            "timestamp": "2026-04-27 21:05:55,807",
            "thread_id": "6700",
            "caller": "0x077f0e07",
            "parentcaller": "0x051e6612",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "6700"
              },
              {
                "name": "Module",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "Return Address",
                "value": "0x7728341c"
              }
            ],
            "repeated": 0,
            "id": 1830
          },
          {
            "timestamp": "2026-04-27 21:05:55,807",
            "thread_id": "6700",
            "caller": "0x077f0e07",
            "parentcaller": "0x051e6612",
            "category": "process",
            "api": "CreateProcessW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": ""
              },
              {
                "name": "CommandLine",
                "value": "\"schtasks.exe\" /create /f /tn \"WAN Manager\" /xml \"C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp\""
              },
              {
                "name": "CreationFlags",
                "value": "0x08000000"
              },
              {
                "name": "ProcessId",
                "value": "3884"
              },
              {
                "name": "ThreadId",
                "value": "1828"
              },
              {
                "name": "ProcessHandle",
                "value": "0x00000470"
              },
              {
                "name": "ThreadHandle",
                "value": "0x0000046c"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1831
          },
          {
            "timestamp": "2026-04-27 21:05:55,807",
            "thread_id": "6700",
            "caller": "0x077f0266",
            "parentcaller": "0x051e6612",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 1832
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e6620",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad2e80"
              }
            ],
            "repeated": 0,
            "id": 1833
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e6620",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "DuplicateHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad2ef0"
              }
            ],
            "repeated": 0,
            "id": 1834
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x077f0f5d",
            "parentcaller": "0x051e6620",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000470"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000454"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 1835
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "OLE32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77060000"
              }
            ],
            "repeated": 0,
            "id": 1836
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77060000"
              },
              {
                "name": "FunctionName",
                "value": "CoWaitForMultipleHandles"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77c61170"
              }
            ],
            "repeated": 0,
            "id": 1837
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1838
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000140"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1839
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000148"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Ole\\FeatureDevelopmentProperties"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties"
              }
            ],
            "repeated": 0,
            "id": 1840
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000148"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Ole"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Ole"
              }
            ],
            "repeated": 0,
            "id": 1841
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000044c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000148"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft"
              }
            ],
            "repeated": 0,
            "id": 1842
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000144"
              }
            ],
            "repeated": 0,
            "id": 1843
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000014c"
              }
            ],
            "repeated": 0,
            "id": 1844
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\xe1}\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\xdc}\\x00\\x00`\\x8d\\x00\\xdc,\\xebw\\x80\\xe2}\\x00i\\xa7\\xeas\\xcc\\xe1}\\x00\\x80\\xe2}\\x00\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1845
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000014c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 1846
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000448"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000014c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Classes\\Local Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings"
              }
            ],
            "repeated": 0,
            "id": 1847
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000014c"
              }
            ],
            "repeated": 0,
            "id": 1848
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1849
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000144"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1850
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000448"
              }
            ],
            "repeated": 0,
            "id": 1851
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1852
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1853
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1854
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77e724f0"
              }
            ],
            "repeated": 0,
            "id": 1855
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77eb40c0"
              }
            ],
            "repeated": 0,
            "id": 1856
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77e70780"
              }
            ],
            "repeated": 0,
            "id": 1857
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77ea52e0"
              }
            ],
            "repeated": 0,
            "id": 1858
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "164"
              }
            ],
            "repeated": 0,
            "id": 1859
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000014c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              }
            ],
            "repeated": 0,
            "id": 1860
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000014c"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 1861
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000014c"
              }
            ],
            "repeated": 0,
            "id": 1862
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000014c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              }
            ],
            "repeated": 0,
            "id": 1863
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000014c"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 1864
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000014c"
              }
            ],
            "repeated": 0,
            "id": 1865
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1866
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000014c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 1867
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000014c"
              },
              {
                "name": "ValueName",
                "value": "RaiseActivationAuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 1868
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000014c"
              }
            ],
            "repeated": 0,
            "id": 1869
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000014c"
              }
            ],
            "repeated": 0,
            "id": 1870
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1871
          },
          {
            "timestamp": "2026-04-27 21:05:55,853",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1872
          },
          {
            "timestamp": "2026-04-27 21:05:55,869",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0\\xdd}\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xc4\\xdd}\\x00\\x00\\x00\\x00\\x00x\\xdd}\\x00\\xc3\\xd8\\xbewL\\x01\\x00\\x00\\x12\\x00\\x00\\x00\\x90\\xdd}\\x00\\x04\\x00\\x00\\x00t\\xdd}\\x00L\\x01\\x00\\x00\\x04\\x00\\x00\\x00\\xa0\\xdd}\\x00/\\xd8\\xbew\\x10\\xe0}\\x00\\x00\\x00\\x00\\x00\\x04\\xde}\\x00"
              }
            ],
            "repeated": 0,
            "id": 1873
          },
          {
            "timestamp": "2026-04-27 21:05:55,869",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000414"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\User\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 1874
          },
          {
            "timestamp": "2026-04-27 21:05:55,869",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000014c"
              }
            ],
            "repeated": 0,
            "id": 1875
          },
          {
            "timestamp": "2026-04-27 21:05:55,869",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000416"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1876
          },
          {
            "timestamp": "2026-04-27 21:05:55,869",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000416"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1877
          },
          {
            "timestamp": "2026-04-27 21:05:55,869",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000416"
              },
              {
                "name": "ObjectAttributesName",
                "value": "AppID\\sex1.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\sex1.exe"
              }
            ],
            "repeated": 0,
            "id": 1878
          },
          {
            "timestamp": "2026-04-27 21:05:55,869",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\AppID\\sex1.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\AppID\\sex1.exe"
              }
            ],
            "repeated": 0,
            "id": 1879
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000416"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1880
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000416"
              },
              {
                "name": "ObjectAttributesName",
                "value": "AppID\\sex1.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\sex1.exe"
              }
            ],
            "repeated": 0,
            "id": 1881
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\AppID\\sex1.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\AppID\\sex1.exe"
              }
            ],
            "repeated": 0,
            "id": 1882
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1883
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 1884
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "RaiseDefaultAuthnLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel"
              }
            ],
            "repeated": 0,
            "id": 1885
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 1886
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1887
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\OLE"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 1888
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "DefaultAccessPermission"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission"
              }
            ],
            "repeated": 0,
            "id": 1889
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 1890
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1891
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x83ed\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1892
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 1893
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x0000001e"
              }
            ],
            "repeated": 0,
            "id": 1894
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 1895
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xe1}\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xb4\r\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa4\\x00\\xb0\r\\xc3\\x00\\x00\\x00}\\x00L\\xe2}\\x00\\xae^\\xe8w\\xac\\xe2}\\x00\\xae^\\xe8w\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1896
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1897
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1898
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1899
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000048c"
              }
            ],
            "repeated": 0,
            "id": 1900
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1901
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1902
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1903
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.COM.DISABLE.6648"
              }
            ],
            "repeated": 0,
            "id": 1904
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.IEC.STATUS.6c736db0"
              }
            ],
            "repeated": 0,
            "id": 1905
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000416"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1906
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000416"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1907
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000416"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Interface\\{00000134-0000-0000-C000-000000000046}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 1908
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000494"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 1909
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000496"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1910
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000496"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1911
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x98\\xd6}\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00$\\xd7\\xd4\\xd6\\xc8\\xd6\\x96\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00p\\xd9}\\x00\\xdct%w\\x96\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1912
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1913
          },
          {
            "timestamp": "2026-04-27 21:05:55,885",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000498"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000496"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1914
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 1915
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 1916
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xd6}\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xfc\\xd6\\xac\\xd6\\xa0\\xd6\\x9a\\x04\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02H\\xd9}\\x00\\xdct%w\\x9a\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1917
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 1918
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000049a"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 1919
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000049a"
              }
            ],
            "repeated": 0,
            "id": 1920
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000496"
              }
            ],
            "repeated": 0,
            "id": 1921
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000494"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Microsoft\\Rpc\\Extensions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Rpc\\Extensions"
              }
            ],
            "repeated": 0,
            "id": 1922
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000494"
              },
              {
                "name": "ValueName",
                "value": "NdrOleExtDLL"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "combase.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\NdrOleExtDLL"
              }
            ],
            "repeated": 0,
            "id": 1923
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              }
            ],
            "repeated": 0,
            "id": 1924
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77b50000"
              }
            ],
            "repeated": 0,
            "id": 1925
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77b50000"
              },
              {
                "name": "FunctionName",
                "value": "NdrOleInitializeExtension"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77c79590"
              }
            ],
            "repeated": 0,
            "id": 1926
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77b50000"
              },
              {
                "name": "FunctionName",
                "value": "CoMarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77c372f0"
              }
            ],
            "repeated": 0,
            "id": 1927
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77b50000"
              },
              {
                "name": "FunctionName",
                "value": "CoUnmarshalInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77c35d80"
              }
            ],
            "repeated": 0,
            "id": 1928
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77b50000"
              },
              {
                "name": "FunctionName",
                "value": "StringFromIID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77bbb480"
              }
            ],
            "repeated": 0,
            "id": 1929
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77b50000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77c57f90"
              }
            ],
            "repeated": 0,
            "id": 1930
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77b50000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77c583b0"
              }
            ],
            "repeated": 0,
            "id": 1931
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77b50000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77c2e550"
              }
            ],
            "repeated": 0,
            "id": 1932
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77b50000"
              },
              {
                "name": "FunctionName",
                "value": "CoReleaseMarshalData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77c0db30"
              }
            ],
            "repeated": 0,
            "id": 1933
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1934
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000494"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1935
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 1936
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xdf\\x10\\x00\\x00\\x00\\x00\\x00\\xcc\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\xa6\\x04\\x0f\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1937
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xdcx\\xa9\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00l\\x00_\\x00i\\x00n\\x00t\\x00l\\x00.\\x00n\\x00l\\x00s\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1938
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xf8\\xa7\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00r\\x00s\\x00\\\\x00c\\x00a\\x00p\\x00e\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00\\x00\\x00i\\x00"
              }
            ],
            "repeated": 0,
            "id": 1939
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1940
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "d\\x1f\\xad\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1941
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1942
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xec\\xec\\xad\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xff\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1943
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\xf8\\x0bt\\x08\\x15\\x0ct\\x06\\x00\\x00\\x00\\xf4\\x14\\x0ctT\\x00\\x00\\x00\\xe8\\xec\\xad\\x00\\x00\\x00#\\x00\\xac\\xda\\xa0\\xda\\x98\\x04\\x00\\x00\\x9c\\xf6\\x00\\x00\\x00\\x00\\xa4\\x00#\\x00\\x00\\xc0\\x98\\x04\\x00\\x00\\xf4\\xda}\\x00C\\x92\\xe9w\\x98\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1944
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xc8M\\x13t\\xfc\\x91\\xcc\\x02\\x9c\\xf6\\xcd\\x02#\\x00\\x00\\xc0i\\xa7\\xeas\\xc2O?3\\x9c\\xd5}\\x00\\x98\\x04\\x00\\x00P\\xe4}\\x00\\xd0\\xa9\\x01t&\\xc3OG\\xfe\\xff\\xff\\xff\\xac\\xda}\\x00\\xd6\\xd9\\xeds/\\x00\\x00\\x00\\x8c\\xef\\x0bt$\\x15\\x0ct"
              }
            ],
            "repeated": 0,
            "id": 1945
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xdf\\x10\\x00\\x00\\x00\\x00\\x00\\xcc\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\xa6\\x04\\x0f\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1946
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x0cv\\xa9\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\\\x00S\\x00Y\\x00S\\x00T\\x00E\\x00M\\x003\\x002\\x00\\\\x00s\\x00c\\x00h\\x00t\\x00a\\x00s\\x00k\\x00s\\x00.\\x00e\\x00x\\x00e\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1947
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xf9\\xa7\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00r\\x00s\\x00\\\\x00c\\x00a\\x00p\\x00e\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00\\x00\\x00i\\x00"
              }
            ],
            "repeated": 0,
            "id": 1948
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1949
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd4\"\\xad\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1950
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1951
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xac\\xea\\xad\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xff\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1952
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\xf8\\x0bt\\x08\\x15\\x0ct\\x06\\x00\\x00\\x00\\xf4\\x14\\x0ctT\\x00\\x00\\x00\\xa8\\xea\\xad\\x00\\x00\\x00#\\x00\\x94\\xd8\\x88\\xd8\\x98\\x04\\x00\\x00\\x9c\\xf6\\x00\\x00\\x00\\x00\\xa4\\x00#\\x00\\x00\\xc0\\x98\\x04\\x00\\x00\\xdc\\xd8}\\x00C\\x92\\xe9w\\x98\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1953
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xc8M\\x13t\\xfc\\x91\\xcc\\x02\\x9c\\xf6\\xcd\\x02#\\x00\\x00\\xc0i\\xa7\\xeas\\xdaM?3\\x84\\xd3}\\x00\\x98\\x04\\x00\\x00P\\xe4}\\x00\\xd0\\xa9\\x01t&\\xc3OG\\xfe\\xff\\xff\\xff\\x94\\xd8}\\x00\\xd6\\xd9\\xeds/\\x00\\x00\\x00\\x8c\\xef\\x0bt$\\x15\\x0ct"
              }
            ],
            "repeated": 0,
            "id": 1954
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000494"
              }
            ],
            "repeated": 0,
            "id": 1955
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000498"
              }
            ],
            "repeated": 0,
            "id": 1956
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1957
          },
          {
            "timestamp": "2026-04-27 21:05:55,900",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77b50000"
              }
            ],
            "repeated": 0,
            "id": 1958
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000014c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x77c7d700"
              },
              {
                "name": "Parameter",
                "value": "0x00ad20a0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "3524"
              },
              {
                "name": "ProcessId",
                "value": "6648"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 1959
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x0000014c",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x77c7d700"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "Parameter",
                "value": "0x00ad20a0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "3524"
              }
            ],
            "repeated": 0,
            "id": 1960
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000014c"
              }
            ],
            "repeated": 0,
            "id": 1961
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1962
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000014c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1963
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 1964
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "3524",
            "caller": "0x7726f231",
            "parentcaller": "0x73742c18",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 2,
            "id": 1965
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xdf\\x10\\x00\\x00\\x00\\x00\\x00\\xcc\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\xa6\\x04\\x0f\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1966
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xdcx\\xa9\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00l\\x00_\\x00i\\x00n\\x00t\\x00l\\x00.\\x00n\\x00l\\x00s\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1967
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "3524",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1968
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "3524",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1969
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1970
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x1c!\\xad\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1971
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1972
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ",\\xec\\xad\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xff\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1973
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\xf8\\x0bt\\x08\\x15\\x0ct\\x06\\x00\\x00\\x00\\xf4\\x14\\x0ctT\\x00\\x00\\x00(\\xec\\xad\\x00\\x00\\x00#\\x00\\xcc\\xdd\\xc0\\xdd\\xa0\\x04\\x00\\x00\\x9c\\xf6\\x00\\x00\\x00\\x00\\xa4\\x00#\\x00\\x00\\xc0\\xa0\\x04\\x00\\x00\\x14\\xde}\\x00C\\x92\\xe9w\\xa0\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1974
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xc8M\\x13t\\xfc\\x91\\xcc\\x02\\x9c\\xf6\\xcd\\x02#\\x00\\x00\\xc0i\\xa7\\xeas\\xe2H?3\\xbc\\xd8}\\x00\\xa0\\x04\\x00\\x00\\xe8\\xe6}\\x00\\xd0\\xa9\\x01t&\\xc3OG\\xfe\\xff\\xff\\xff\\xcc\\xdd}\\x00\\xd6\\xd9\\xeds/\\x00\\x00\\x00\\x8c\\xef\\x0bt$\\x15\\x0ct"
              }
            ],
            "repeated": 0,
            "id": 1975
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xdf\\x10\\x00\\x00\\x00\\x00\\x00\\xcc\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\xa6\\x04\\x0f\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1976
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xacv\\xa9\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00S\\x00y\\x00s\\x00W\\x00O\\x00W\\x006\\x004\\x00\\\\x00m\\x00s\\x00c\\x00o\\x00r\\x00e\\x00e\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1977
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xf9\\xa7\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00r\\x00s\\x00\\\\x00c\\x00a\\x00p\\x00e\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00\\x00\\x00i\\x00"
              }
            ],
            "repeated": 0,
            "id": 1978
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1979
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4!\\xad\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1980
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1981
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ",\\xef\\xad\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xff\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1982
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\xf8\\x0bt\\x08\\x15\\x0ct\\x06\\x00\\x00\\x00\\xf4\\x14\\x0ctT\\x00\\x00\\x00(\\xef\\xad\\x00\\x00\\x00#\\x00\\xb4\\xdb\\xa8\\xdb\\xa0\\x04\\x00\\x00\\x9c\\xf6\\x00\\x00\\x00\\x00\\xa4\\x00#\\x00\\x00\\xc0\\xa0\\x04\\x00\\x00\\xfc\\xdb}\\x00C\\x92\\xe9w\\xa0\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1983
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xc8M\\x13t\\xfc\\x91\\xcc\\x02\\x9c\\xf6\\xcd\\x02#\\x00\\x00\\xc0i\\xa7\\xeas\\xfaN?3\\xa4\\xd6}\\x00\\xa0\\x04\\x00\\x00\\xe8\\xe6}\\x00\\xd0\\xa9\\x01t&\\xc3OG\\xfe\\xff\\xff\\xff\\xb4\\xdb}\\x00\\xd6\\xd9\\xeds/\\x00\\x00\\x00\\x8c\\xef\\x0bt$\\x15\\x0ct"
              }
            ],
            "repeated": 0,
            "id": 1984
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000014c"
              }
            ],
            "repeated": 0,
            "id": 1985
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 1986
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1987
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000004a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 1988
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000014c"
              }
            ],
            "repeated": 0,
            "id": 1989
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xdf\\x10\\x00\\x00\\x00\\x00\\x00\\xcc\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\xa6\\x04\\x0f\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1990
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": ",t\\xa9\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00a\\x00s\\x00s\\x00e\\x00m\\x00b\\x00l\\x00y\\x00\\\\x00G\\x00A\\x00C\\x00_\\x00M\\x00S\\x00I\\x00L\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1991
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xf8\\xa7\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00r\\x00s\\x00\\\\x00c\\x00a\\x00p\\x00e\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00\\x00\\x00i\\x00"
              }
            ],
            "repeated": 0,
            "id": 1992
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1993
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\\"\\xad\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1994
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 1995
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ",\\xef\\xad\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xff\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 1996
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\xf8\\x0bt\\x08\\x15\\x0ct\\x06\\x00\\x00\\x00\\xf4\\x14\\x0ctT\\x00\\x00\\x00(\\xef\\xad\\x00\\x00\\x00#\\x00\\xcc\\xdd\\xc0\\xddL\\x01\\x00\\x00\\x9c\\xf6\\x00\\x00\\x00\\x00\\xa4\\x00#\\x00\\x00\\xc0L\\x01\\x00\\x00\\x14\\xde}\\x00C\\x92\\xe9wL\\x01\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1997
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xc8M\\x13t\\xfc\\x91\\xcc\\x02\\x9c\\xf6\\xcd\\x02#\\x00\\x00\\xc0i\\xa7\\xeas\\xe2H?3\\xbc\\xd8}\\x00L\\x01\\x00\\x00\\xe8\\xe6}\\x00\\xd0\\xa9\\x01t&\\xc3OG\\xfe\\xff\\xff\\xff\\xcc\\xdd}\\x00\\xd6\\xd9\\xeds/\\x00\\x00\\x00\\x8c\\xef\\x0bt$\\x15\\x0ct"
              }
            ],
            "repeated": 0,
            "id": 1998
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xdf\\x10\\x00\\x00\\x00\\x00\\x00\\xcc\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\xa6\\x04\\x0f\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1999
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x1cu\\xa9\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00a\\x00s\\x00s\\x00e\\x00m\\x00b\\x00l\\x00y\\x00\\\\x00G\\x00A\\x00C\\x00_\\x00M\\x00S\\x00I\\x00L\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2000
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xf9\\xa7\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00r\\x00s\\x00\\\\x00c\\x00a\\x00p\\x00e\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00\\x00\\x00i\\x00"
              }
            ],
            "repeated": 0,
            "id": 2001
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2002
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x14$\\xad\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2003
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2004
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x8c\\xef\\xad\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xff\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2005
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\xf8\\x0bt\\x08\\x15\\x0ct\\x06\\x00\\x00\\x00\\xf4\\x14\\x0ctT\\x00\\x00\\x00\\x88\\xef\\xad\\x00\\x00\\x00#\\x00\\xb4\\xdb\\xa8\\xdbL\\x01\\x00\\x00\\x9c\\xf6\\x00\\x00\\x00\\x00\\xa4\\x00#\\x00\\x00\\xc0L\\x01\\x00\\x00\\xfc\\xdb}\\x00C\\x92\\xe9wL\\x01\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2006
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xc8M\\x13t\\xfc\\x91\\xcc\\x02\\x9c\\xf6\\xcd\\x02#\\x00\\x00\\xc0i\\xa7\\xeas\\xfaN?3\\xa4\\xd6}\\x00L\\x01\\x00\\x00\\xe8\\xe6}\\x00\\xd0\\xa9\\x01t&\\xc3OG\\xfe\\xff\\xff\\xff\\xb4\\xdb}\\x00\\xd6\\xd9\\xeds/\\x00\\x00\\x00\\x8c\\xef\\x0bt$\\x15\\x0ct"
              }
            ],
            "repeated": 0,
            "id": 2007
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 2008
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000014c"
              }
            ],
            "repeated": 0,
            "id": 2009
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2010
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x0000014c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 2011
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 2012
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xdf\\x10\\x00\\x00\\x00\\x00\\x00\\xcc\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\xa6\\x04\\x0f\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2013
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xdcx\\xa9\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00s\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00l\\x00_\\x00i\\x00n\\x00t\\x00l\\x00.\\x00n\\x00l\\x00s\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2014
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xf8\\xa7\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00r\\x00s\\x00\\\\x00c\\x00a\\x00p\\x00e\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00\\x00\\x00i\\x00"
              }
            ],
            "repeated": 0,
            "id": 2015
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2016
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x0c\"\\xad\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2017
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2018
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcc\\xee\\xad\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xff\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2019
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\xf8\\x0bt\\x08\\x15\\x0ct\\x06\\x00\\x00\\x00\\xf4\\x14\\x0ctT\\x00\\x00\\x00\\xc8\\xee\\xad\\x00\\x00\\x00#\\x00\\xcc\\xdd\\xc0\\xdd\\xa0\\x04\\x00\\x00\\x9c\\xf6\\x00\\x00\\x00\\x00\\xa4\\x00#\\x00\\x00\\xc0\\xa0\\x04\\x00\\x00\\x14\\xde}\\x00C\\x92\\xe9w\\xa0\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2020
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xc8M\\x13t\\xfc\\x91\\xcc\\x02\\x9c\\xf6\\xcd\\x02#\\x00\\x00\\xc0i\\xa7\\xeas\\xe2H?3\\xbc\\xd8}\\x00\\xa0\\x04\\x00\\x00\\xe8\\xe6}\\x00\\xd0\\xa9\\x01t&\\xc3OG\\xfe\\xff\\xff\\xff\\xcc\\xdd}\\x00\\xd6\\xd9\\xeds/\\x00\\x00\\x00\\x8c\\xef\\x0bt$\\x15\\x0ct"
              }
            ],
            "repeated": 0,
            "id": 2021
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xdf\\x10\\x00\\x00\\x00\\x00\\x00\\xcc\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\xa6\\x04\\x0f\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2022
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": ",t\\xa9\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00a\\x00s\\x00s\\x00e\\x00m\\x00b\\x00l\\x00y\\x00\\\\x00G\\x00A\\x00C\\x00_\\x00M\\x00S\\x00I\\x00L\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2023
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xf9\\xa7\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00r\\x00s\\x00\\\\x00c\\x00a\\x00p\\x00e\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00\\x00\\x00i\\x00"
              }
            ],
            "repeated": 0,
            "id": 2024
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2025
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x14$\\xad\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2026
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2027
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ",\\xec\\xad\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xff\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2028
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\xf8\\x0bt\\x08\\x15\\x0ct\\x06\\x00\\x00\\x00\\xf4\\x14\\x0ctT\\x00\\x00\\x00(\\xec\\xad\\x00\\x00\\x00#\\x00\\xb4\\xdb\\xa8\\xdb\\xa0\\x04\\x00\\x00\\x9c\\xf6\\x00\\x00\\x00\\x00\\xa4\\x00#\\x00\\x00\\xc0\\xa0\\x04\\x00\\x00\\xfc\\xdb}\\x00C\\x92\\xe9w\\xa0\\x04\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2029
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xc8M\\x13t\\xfc\\x91\\xcc\\x02\\x9c\\xf6\\xcd\\x02#\\x00\\x00\\xc0i\\xa7\\xeas\\xfaN?3\\xa4\\xd6}\\x00\\xa0\\x04\\x00\\x00\\xe8\\xe6}\\x00\\xd0\\xa9\\x01t&\\xc3OG\\xfe\\xff\\xff\\xff\\xb4\\xdb}\\x00\\xd6\\xd9\\xeds/\\x00\\x00\\x00\\x8c\\xef\\x0bt$\\x15\\x0ct"
              }
            ],
            "repeated": 0,
            "id": 2030
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000014c"
              }
            ],
            "repeated": 0,
            "id": 2031
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 2032
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2033
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x000004a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 2034
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000014c"
              }
            ],
            "repeated": 0,
            "id": 2035
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xdf\\x10\\x00\\x00\\x00\\x00\\x00\\xcc\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\xa6\\x04\\x0f\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2036
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": ",t\\xa9\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00d\\x00o\\x00w\\x00s\\x00\\\\x00a\\x00s\\x00s\\x00e\\x00m\\x00b\\x00l\\x00y\\x00\\\\x00G\\x00A\\x00C\\x00_\\x00M\\x00S\\x00I\\x00L\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2037
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xf8\\xa7\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00r\\x00s\\x00\\\\x00c\\x00a\\x00p\\x00e\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00\\x00\\x00i\\x00"
              }
            ],
            "repeated": 0,
            "id": 2038
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2039
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "$#\\xad\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2040
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2041
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "l\\xeb\\xad\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xff\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2042
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\xf8\\x0bt\\x08\\x15\\x0ct\\x06\\x00\\x00\\x00\\xf4\\x14\\x0ctT\\x00\\x00\\x00h\\xeb\\xad\\x00\\x00\\x00#\\x00\\xcc\\xdd\\xc0\\xddL\\x01\\x00\\x00\\x9c\\xf6\\x00\\x00\\x00\\x00\\xa4\\x00#\\x00\\x00\\xc0L\\x01\\x00\\x00\\x14\\xde}\\x00C\\x92\\xe9wL\\x01\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2043
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xc8M\\x13t\\xfc\\x91\\xcc\\x02\\x9c\\xf6\\xcd\\x02#\\x00\\x00\\xc0i\\xa7\\xeas\\xe2H?3\\xbc\\xd8}\\x00L\\x01\\x00\\x00\\xe8\\xe6}\\x00\\xd0\\xa9\\x01t&\\xc3OG\\xfe\\xff\\xff\\xff\\xcc\\xdd}\\x00\\xd6\\xd9\\xeds/\\x00\\x00\\x00\\x8c\\xef\\x0bt$\\x15\\x0ct"
              }
            ],
            "repeated": 0,
            "id": 2044
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc0\\xdf\\x10\\x00\\x00\\x00\\x00\\x00\\xcc\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\xa6\\x04\\x0f\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2045
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x8cs\\xa9\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x02\\x00\\x00\\x00K\\x00\\x00\\x00\\x12\\x00\\x00\\x00\\x02\\x00\\x00\\x00N\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x02\\x00\\x00\\x00N\\x00\\x00\\x00\\xfd\\xff\\xff\\xff\\x02\\x00\\x00\\x00V\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2046
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xf9\\xa7\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x000\\x00\\x00r\\x00s\\x00\\\\x00c\\x00a\\x00p\\x00e\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00\\x00\\x00i\\x00"
              }
            ],
            "repeated": 0,
            "id": 2047
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2048
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "d\\x1f\\xad\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2049
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2050
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcc\\xeb\\xad\\x00\\x02\\x00P\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf8\\xff\\x02\\x00"
              }
            ],
            "repeated": 0,
            "id": 2051
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\xf8\\x0bt\\x08\\x15\\x0ct\\x06\\x00\\x00\\x00\\xf4\\x14\\x0ctT\\x00\\x00\\x00\\xc8\\xeb\\xad\\x00\\x00\\x00#\\x00\\xb4\\xdb\\xa8\\xdbL\\x01\\x00\\x00\\x9c\\xf6\\x00\\x00\\x00\\x00\\xa4\\x00#\\x00\\x00\\xc0L\\x01\\x00\\x00\\xfc\\xdb}\\x00C\\x92\\xe9wL\\x01\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2052
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xc8M\\x13t\\xfc\\x91\\xcc\\x02\\x9c\\xf6\\xcd\\x02#\\x00\\x00\\xc0i\\xa7\\xeas\\xfaN?3\\xa4\\xd6}\\x00L\\x01\\x00\\x00\\xe8\\xe6}\\x00\\xd0\\xa9\\x01t&\\xc3OG\\xfe\\xff\\xff\\xff\\xb4\\xdb}\\x00\\xd6\\xd9\\xeds/\\x00\\x00\\x00\\x8c\\xef\\x0bt$\\x15\\x0ct"
              }
            ],
            "repeated": 0,
            "id": 2053
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 2054
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000014c"
              }
            ],
            "repeated": 0,
            "id": 2055
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2056
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "1368",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d23000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2057
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "1368",
            "caller": "0x7726f231",
            "parentcaller": "0x73742c18",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 2,
            "id": 2058
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "1368",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2059
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "1368",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2060
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "1368",
            "caller": "0x77271454",
            "parentcaller": "0x7693b5fa",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000004a0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2061
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2062
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2063
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "3676",
            "caller": "0x7726f231",
            "parentcaller": "0x73742c18",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 2,
            "id": 2064
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "3676",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2065
          },
          {
            "timestamp": "2026-04-27 21:05:55,916",
            "thread_id": "3676",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2066
          },
          {
            "timestamp": "2026-04-27 21:05:59,744",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x079a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2067
          },
          {
            "timestamp": "2026-04-27 21:05:59,744",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2068
          },
          {
            "timestamp": "2026-04-27 21:05:59,744",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 2069
          },
          {
            "timestamp": "2026-04-27 21:05:59,744",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 2070
          },
          {
            "timestamp": "2026-04-27 21:05:59,744",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07fc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2071
          },
          {
            "timestamp": "2026-04-27 21:05:59,744",
            "thread_id": "6700",
            "caller": "0x051e6620",
            "parentcaller": "0x051e63f1",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 2072
          },
          {
            "timestamp": "2026-04-27 21:05:59,744",
            "thread_id": "6700",
            "caller": "0x077f0266",
            "parentcaller": "0x051e6620",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              }
            ],
            "repeated": 0,
            "id": 2073
          },
          {
            "timestamp": "2026-04-27 21:05:59,760",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetExitCodeProcess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ac94c0"
              }
            ],
            "repeated": 0,
            "id": 2074
          },
          {
            "timestamp": "2026-04-27 21:05:59,760",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e63f1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetExitCodeProcessW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2075
          },
          {
            "timestamp": "2026-04-27 21:05:59,807",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x077f1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2076
          },
          {
            "timestamp": "2026-04-27 21:05:59,807",
            "thread_id": "6700",
            "caller": "0x051e6648",
            "parentcaller": "0x051e63f1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x055c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2077
          },
          {
            "timestamp": "2026-04-27 21:05:59,885",
            "thread_id": "6700",
            "caller": "0x0290bf0e",
            "parentcaller": "0x051e6648",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp"
              }
            ],
            "repeated": 0,
            "id": 2078
          },
          {
            "timestamp": "2026-04-27 21:05:59,885",
            "thread_id": "6700",
            "caller": "0x077f089b",
            "parentcaller": "0x051e6738",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x40100080",
                "pretty_value": "GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\task.dat"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2079
          },
          {
            "timestamp": "2026-04-27 21:05:59,885",
            "thread_id": "6700",
            "caller": "0x077f0a53",
            "parentcaller": "0x051e6738",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\task.dat"
              },
              {
                "name": "Buffer",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
              },
              {
                "name": "Length",
                "value": "41"
              }
            ],
            "repeated": 0,
            "id": 2080
          },
          {
            "timestamp": "2026-04-27 21:05:59,885",
            "thread_id": "6700",
            "caller": "0x077f0266",
            "parentcaller": "0x051e6738",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 2081
          },
          {
            "timestamp": "2026-04-27 21:06:00,150",
            "thread_id": "6700",
            "caller": "0x077f0d1c",
            "parentcaller": "0x051e6597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp"
              }
            ],
            "repeated": 0,
            "id": 2082
          },
          {
            "timestamp": "2026-04-27 21:06:00,338",
            "thread_id": "6700",
            "caller": "0x077f0d1c",
            "parentcaller": "0x051e6597",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000454"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp"
              },
              {
                "name": "CreateDisposition",
                "value": "2",
                "pretty_value": "FILE_CREATE"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2083
          },
          {
            "timestamp": "2026-04-27 21:06:00,338",
            "thread_id": "6700",
            "caller": "0x077f0d1c",
            "parentcaller": "0x051e6597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              }
            ],
            "repeated": 0,
            "id": 2084
          },
          {
            "timestamp": "2026-04-27 21:06:00,338",
            "thread_id": "6700",
            "caller": "0x077f089b",
            "parentcaller": "0x051e65f5",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000454"
              },
              {
                "name": "DesiredAccess",
                "value": "0x40100080",
                "pretty_value": "GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp"
              },
              {
                "name": "CreateDisposition",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2085
          },
          {
            "timestamp": "2026-04-27 21:06:00,353",
            "thread_id": "6700",
            "caller": "0x077f0a53",
            "parentcaller": "0x051e65f5",
            "category": "filesystem",
            "api": "NtWriteFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000454"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp"
              },
              {
                "name": "Buffer",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo />\r\n  <Triggers />\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <LogonType>InteractiveToken</LogonType>\r"
              },
              {
                "name": "Length",
                "value": "1308"
              }
            ],
            "repeated": 0,
            "id": 2086
          },
          {
            "timestamp": "2026-04-27 21:06:00,353",
            "thread_id": "6700",
            "caller": "0x077f0266",
            "parentcaller": "0x051e65f5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              }
            ],
            "repeated": 0,
            "id": 2087
          },
          {
            "timestamp": "2026-04-27 21:06:00,385",
            "thread_id": "6700",
            "caller": "0x077f0e07",
            "parentcaller": "0x051e6612",
            "category": "process",
            "api": "NtCreateUserProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x000004b0"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000454"
              },
              {
                "name": "ProcessDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ThreadDesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "ProcessFileName",
                "value": ""
              },
              {
                "name": "ThreadName",
                "value": ""
              },
              {
                "name": "ImagePathName",
                "value": "C:\\Windows\\SYSTEM32\\schtasks.exe"
              },
              {
                "name": "CommandLine",
                "value": "\"schtasks.exe\" /create /f /tn \"WAN Manager Task\" /xml \"C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp\""
              },
              {
                "name": "DllPath",
                "value": ""
              },
              {
                "name": "ProcessId",
                "value": "3200"
              }
            ],
            "repeated": 0,
            "id": 2088
          },
          {
            "timestamp": "2026-04-27 21:06:00,947",
            "thread_id": "6700",
            "caller": "0x077f0e07",
            "parentcaller": "0x051e6612",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "6700"
              },
              {
                "name": "Module",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "Return Address",
                "value": "0x7728341c"
              }
            ],
            "repeated": 0,
            "id": 2089
          },
          {
            "timestamp": "2026-04-27 21:06:00,963",
            "thread_id": "6700",
            "caller": "0x077f0e07",
            "parentcaller": "0x051e6612",
            "category": "process",
            "api": "CreateProcessW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ApplicationName",
                "value": ""
              },
              {
                "name": "CommandLine",
                "value": "\"schtasks.exe\" /create /f /tn \"WAN Manager Task\" /xml \"C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp\""
              },
              {
                "name": "CreationFlags",
                "value": "0x08000000"
              },
              {
                "name": "ProcessId",
                "value": "3200"
              },
              {
                "name": "ThreadId",
                "value": "7412"
              },
              {
                "name": "ProcessHandle",
                "value": "0x000004b0"
              },
              {
                "name": "ThreadHandle",
                "value": "0x00000454"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2090
          },
          {
            "timestamp": "2026-04-27 21:06:00,963",
            "thread_id": "6700",
            "caller": "0x077f0266",
            "parentcaller": "0x051e6612",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              }
            ],
            "repeated": 0,
            "id": 2091
          },
          {
            "timestamp": "2026-04-27 21:06:00,963",
            "thread_id": "6700",
            "caller": "0x077f0f5d",
            "parentcaller": "0x051e6620",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000004b0"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000454"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2092
          },
          {
            "timestamp": "2026-04-27 21:06:02,291",
            "thread_id": "6700",
            "caller": "0x077f0266",
            "parentcaller": "0x051e6620",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              }
            ],
            "repeated": 0,
            "id": 2093
          },
          {
            "timestamp": "2026-04-27 21:06:02,322",
            "thread_id": "6700",
            "caller": "0x0290bf0e",
            "parentcaller": "0x051e6648",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp"
              }
            ],
            "repeated": 0,
            "id": 2094
          },
          {
            "timestamp": "2026-04-27 21:06:02,322",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e682a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "DeleteFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2095
          },
          {
            "timestamp": "2026-04-27 21:06:02,338",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e682a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "DeleteFileA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad3160"
              }
            ],
            "repeated": 0,
            "id": 2096
          },
          {
            "timestamp": "2026-04-27 21:06:02,338",
            "thread_id": "6700",
            "caller": "0x077f114d",
            "parentcaller": "0x051e682a",
            "category": "filesystem",
            "api": "DeleteFileA",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe:Zone.Identifier"
              }
            ],
            "repeated": 0,
            "id": 2097
          },
          {
            "timestamp": "2026-04-27 21:06:02,353",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02902420",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad1910"
              }
            ],
            "repeated": 0,
            "id": 2098
          },
          {
            "timestamp": "2026-04-27 21:06:02,353",
            "thread_id": "6700",
            "caller": "0x077f11f6",
            "parentcaller": "0x02902420",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 2099
          },
          {
            "timestamp": "2026-04-27 21:06:02,353",
            "thread_id": "6700",
            "caller": "0x051e6b55",
            "parentcaller": "0x051e0833",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 2100
          },
          {
            "timestamp": "2026-04-27 21:06:02,353",
            "thread_id": "6700",
            "caller": "0x051e6b55",
            "parentcaller": "0x051e0833",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateIoCompletionPort"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad22a0"
              }
            ],
            "repeated": 0,
            "id": 2101
          },
          {
            "timestamp": "2026-04-27 21:06:02,353",
            "thread_id": "6700",
            "caller": "0x051e6b55",
            "parentcaller": "0x051e0833",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "PostQueuedCompletionStatus"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad2260"
              }
            ],
            "repeated": 0,
            "id": 2102
          },
          {
            "timestamp": "2026-04-27 21:06:02,353",
            "thread_id": "6700",
            "caller": "0x051e6b55",
            "parentcaller": "0x051e0833",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x77e40000"
              }
            ],
            "repeated": 0,
            "id": 2103
          },
          {
            "timestamp": "2026-04-27 21:06:02,353",
            "thread_id": "6700",
            "caller": "0x051e6b55",
            "parentcaller": "0x051e0833",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x77e40000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ntdll.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2104
          },
          {
            "timestamp": "2026-04-27 21:06:02,353",
            "thread_id": "6700",
            "caller": "0x051e6b55",
            "parentcaller": "0x051e0833",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryInformationThread"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77eb2ce0"
              }
            ],
            "repeated": 0,
            "id": 2105
          },
          {
            "timestamp": "2026-04-27 21:06:02,353",
            "thread_id": "6700",
            "caller": "0x051e6b55",
            "parentcaller": "0x051e0833",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "NtQuerySystemInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77eb2df0"
              }
            ],
            "repeated": 0,
            "id": 2106
          },
          {
            "timestamp": "2026-04-27 21:06:02,353",
            "thread_id": "6700",
            "caller": "0x051e6b55",
            "parentcaller": "0x051e0833",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2107
          },
          {
            "timestamp": "2026-04-27 21:06:02,353",
            "thread_id": "6700",
            "caller": "0x051e6b55",
            "parentcaller": "0x051e0833",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              }
            ],
            "repeated": 0,
            "id": 2108
          },
          {
            "timestamp": "2026-04-27 21:06:02,353",
            "thread_id": "6700",
            "caller": "0x051e6b55",
            "parentcaller": "0x051e0833",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "NtGetCurrentProcessorNumber"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77eb39c0"
              }
            ],
            "repeated": 0,
            "id": 2109
          },
          {
            "timestamp": "2026-04-27 21:06:02,416",
            "thread_id": "6700",
            "caller": "0x051e6b55",
            "parentcaller": "0x051e0833",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7394890c"
              },
              {
                "name": "Parameter",
                "value": "0x00ac74d0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "6580"
              },
              {
                "name": "ProcessId",
                "value": "6648"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 2110
          },
          {
            "timestamp": "2026-04-27 21:06:02,416",
            "thread_id": "6700",
            "caller": "0x051e6b55",
            "parentcaller": "0x051e0833",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000004b8",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x7394890c"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "Parameter",
                "value": "0x00ac74d0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "6580"
              }
            ],
            "repeated": 0,
            "id": 2111
          },
          {
            "timestamp": "2026-04-27 21:06:02,416",
            "thread_id": "6700",
            "caller": "0x051e6b55",
            "parentcaller": "0x051e0833",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004b8"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "6580"
              },
              {
                "name": "ProcessId",
                "value": "6648"
              }
            ],
            "repeated": 0,
            "id": 2112
          },
          {
            "timestamp": "2026-04-27 21:06:02,416",
            "thread_id": "6580",
            "caller": "0x7726f231",
            "parentcaller": "0x73742c18",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 2,
            "id": 2113
          },
          {
            "timestamp": "2026-04-27 21:06:02,416",
            "thread_id": "6580",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2114
          },
          {
            "timestamp": "2026-04-27 21:06:02,416",
            "thread_id": "6580",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2115
          },
          {
            "timestamp": "2026-04-27 21:06:02,416",
            "thread_id": "6580",
            "caller": "0x7386aa35",
            "parentcaller": "0x7386aa9a",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2116
          },
          {
            "timestamp": "2026-04-27 21:06:02,416",
            "thread_id": "6580",
            "caller": "0x772761f1",
            "parentcaller": "0x7386ab1a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08011000"
              },
              {
                "name": "RegionSize",
                "value": "0x000fa000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2117
          },
          {
            "timestamp": "2026-04-27 21:06:02,416",
            "thread_id": "6580",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2118
          },
          {
            "timestamp": "2026-04-27 21:06:02,416",
            "thread_id": "6580",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2119
          },
          {
            "timestamp": "2026-04-27 21:06:02,416",
            "thread_id": "6580",
            "caller": "0x772765db",
            "parentcaller": "0x73947ec0",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xa0\\x8f\\x00\\xf8\\x19\\x00\\x00\\xb4\\x19\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6580"
              }
            ],
            "repeated": 0,
            "id": 2120
          },
          {
            "timestamp": "2026-04-27 21:06:02,416",
            "thread_id": "6580",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2121
          },
          {
            "timestamp": "2026-04-27 21:06:02,432",
            "thread_id": "6580",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 2122
          },
          {
            "timestamp": "2026-04-27 21:06:02,432",
            "thread_id": "6580",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "SwitchToThread"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ac7cc0"
              }
            ],
            "repeated": 0,
            "id": 2123
          },
          {
            "timestamp": "2026-04-27 21:06:02,432",
            "thread_id": "6580",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 9,
            "id": 2124
          },
          {
            "timestamp": "2026-04-27 21:06:02,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0839",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07802000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2125
          },
          {
            "timestamp": "2026-04-27 21:06:02,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0839",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2126
          },
          {
            "timestamp": "2026-04-27 21:06:02,510",
            "thread_id": "6580",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2127
          },
          {
            "timestamp": "2026-04-27 21:06:02,510",
            "thread_id": "6580",
            "caller": "0x02910626",
            "parentcaller": "0x051e6bee",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2128
          },
          {
            "timestamp": "2026-04-27 21:06:02,510",
            "thread_id": "6580",
            "caller": "0x02910626",
            "parentcaller": "0x051e6bee",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2129
          },
          {
            "timestamp": "2026-04-27 21:06:02,510",
            "thread_id": "6580",
            "caller": "0x02910626",
            "parentcaller": "0x051e6c16",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2130
          },
          {
            "timestamp": "2026-04-27 21:06:02,510",
            "thread_id": "6580",
            "caller": "0x02910626",
            "parentcaller": "0x051e6c16",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2131
          },
          {
            "timestamp": "2026-04-27 21:06:02,510",
            "thread_id": "6580",
            "caller": "0x051e6c3e",
            "parentcaller": "0x051e6c16",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 2132
          },
          {
            "timestamp": "2026-04-27 21:06:02,557",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0839",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2133
          },
          {
            "timestamp": "2026-04-27 21:06:02,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0839",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051e7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2134
          },
          {
            "timestamp": "2026-04-27 21:06:02,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e0839",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2135
          },
          {
            "timestamp": "2026-04-27 21:06:02,572",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e6cc4",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\catalog.dat"
              }
            ],
            "repeated": 0,
            "id": 2136
          },
          {
            "timestamp": "2026-04-27 21:06:02,588",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e083f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2137
          },
          {
            "timestamp": "2026-04-27 21:06:02,588",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e083f",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2138
          },
          {
            "timestamp": "2026-04-27 21:06:02,588",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e707c",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\storage.dat"
              }
            ],
            "repeated": 0,
            "id": 2139
          },
          {
            "timestamp": "2026-04-27 21:06:02,588",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e084e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0413f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2140
          },
          {
            "timestamp": "2026-04-27 21:06:02,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e084e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "NI\\4ecde57e\\31d9ddbb"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\4ecde57e\\31d9ddbb"
              }
            ],
            "repeated": 0,
            "id": 2141
          },
          {
            "timestamp": "2026-04-27 21:06:02,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e084e",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/"
              }
            ],
            "repeated": 0,
            "id": 2142
          },
          {
            "timestamp": "2026-04-27 21:06:02,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e084e",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ClientPlugin.DLL"
              }
            ],
            "repeated": 0,
            "id": 2143
          },
          {
            "timestamp": "2026-04-27 21:06:02,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e084e",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ClientPlugin/ClientPlugin.DLL"
              }
            ],
            "repeated": 0,
            "id": 2144
          },
          {
            "timestamp": "2026-04-27 21:06:02,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e084e",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/"
              }
            ],
            "repeated": 0,
            "id": 2145
          },
          {
            "timestamp": "2026-04-27 21:06:02,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e084e",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ClientPlugin.EXE"
              }
            ],
            "repeated": 0,
            "id": 2146
          },
          {
            "timestamp": "2026-04-27 21:06:02,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e084e",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ClientPlugin/ClientPlugin.EXE"
              }
            ],
            "repeated": 0,
            "id": 2147
          },
          {
            "timestamp": "2026-04-27 21:06:02,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e084e",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ClientPlugin.dll"
              }
            ],
            "repeated": 0,
            "id": 2148
          },
          {
            "timestamp": "2026-04-27 21:06:02,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e084e",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ClientPlugin\\ClientPlugin.dll"
              }
            ],
            "repeated": 0,
            "id": 2149
          },
          {
            "timestamp": "2026-04-27 21:06:02,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e084e",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ClientPlugin.exe"
              }
            ],
            "repeated": 0,
            "id": 2150
          },
          {
            "timestamp": "2026-04-27 21:06:02,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e084e",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ClientPlugin\\ClientPlugin.exe"
              }
            ],
            "repeated": 0,
            "id": 2151
          },
          {
            "timestamp": "2026-04-27 21:06:02,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2152
          },
          {
            "timestamp": "2026-04-27 21:06:02,697",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08110000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2153
          },
          {
            "timestamp": "2026-04-27 21:06:02,697",
            "thread_id": "6700",
            "caller": "0x051e7648",
            "parentcaller": "0x02910626",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2154
          },
          {
            "timestamp": "2026-04-27 21:06:02,697",
            "thread_id": "6700",
            "caller": "0x051e7648",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2155
          },
          {
            "timestamp": "2026-04-27 21:06:02,697",
            "thread_id": "6700",
            "caller": "0x051e7648",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08110000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007db5f4"
              },
              {
                "name": "ViewSize",
                "value": "0x00005000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2156
          },
          {
            "timestamp": "2026-04-27 21:06:02,697",
            "thread_id": "6700",
            "caller": "0x051e7648",
            "parentcaller": "0x02910626",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 2157
          },
          {
            "timestamp": "2026-04-27 21:06:02,697",
            "thread_id": "6700",
            "caller": "0x051e7648",
            "parentcaller": "0x02910626",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2158
          },
          {
            "timestamp": "2026-04-27 21:06:02,713",
            "thread_id": "6700",
            "caller": "0x051e7648",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07803000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2159
          },
          {
            "timestamp": "2026-04-27 21:06:02,713",
            "thread_id": "6700",
            "caller": "0x051e7648",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2160
          },
          {
            "timestamp": "2026-04-27 21:06:02,713",
            "thread_id": "6700",
            "caller": "0x051e7648",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08120000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2161
          },
          {
            "timestamp": "2026-04-27 21:06:02,744",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e7b72",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08130000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2162
          },
          {
            "timestamp": "2026-04-27 21:06:02,744",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e7b72",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08130000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2163
          },
          {
            "timestamp": "2026-04-27 21:06:02,744",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e77be",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08130000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2164
          },
          {
            "timestamp": "2026-04-27 21:06:02,744",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e77be",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08130000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2165
          },
          {
            "timestamp": "2026-04-27 21:06:02,744",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e7dca",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\settings.bin"
              }
            ],
            "repeated": 0,
            "id": 2166
          },
          {
            "timestamp": "2026-04-27 21:06:02,775",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2167
          },
          {
            "timestamp": "2026-04-27 21:06:02,822",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08130000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2168
          },
          {
            "timestamp": "2026-04-27 21:06:02,838",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08130000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2169
          },
          {
            "timestamp": "2026-04-27 21:06:02,838",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e7dca",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\settings.bak"
              }
            ],
            "repeated": 0,
            "id": 2170
          },
          {
            "timestamp": "2026-04-27 21:06:02,994",
            "thread_id": "6700",
            "caller": "0x051e8276",
            "parentcaller": "0x051e77d2",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7380ae99"
              },
              {
                "name": "Parameter",
                "value": "0x007de81c"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "8184"
              },
              {
                "name": "ProcessId",
                "value": "6648"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 2171
          },
          {
            "timestamp": "2026-04-27 21:06:02,994",
            "thread_id": "6700",
            "caller": "0x051e8276",
            "parentcaller": "0x051e77d2",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000004ec",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x7380ae99"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "Parameter",
                "value": "0x007de81c"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "8184"
              }
            ],
            "repeated": 0,
            "id": 2172
          },
          {
            "timestamp": "2026-04-27 21:06:02,994",
            "thread_id": "6700",
            "caller": "0x051e8276",
            "parentcaller": "0x051e77d2",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2173
          },
          {
            "timestamp": "2026-04-27 21:06:02,994",
            "thread_id": "8184",
            "caller": "0x7726f231",
            "parentcaller": "0x73742c18",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 2,
            "id": 2174
          },
          {
            "timestamp": "2026-04-27 21:06:02,994",
            "thread_id": "8184",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2175
          },
          {
            "timestamp": "2026-04-27 21:06:02,994",
            "thread_id": "8184",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2176
          },
          {
            "timestamp": "2026-04-27 21:06:02,994",
            "thread_id": "8184",
            "caller": "0x77271454",
            "parentcaller": "0x7386c4c9",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000004f0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 2177
          },
          {
            "timestamp": "2026-04-27 21:06:02,994",
            "thread_id": "8184",
            "caller": "0x7726269a",
            "parentcaller": "0x73aeacc4",
            "category": "system",
            "api": "NtClose",
            "status": false,
            "return": "0xffffffffc0000008",
            "pretty_return": "INVALID_HANDLE",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2178
          },
          {
            "timestamp": "2026-04-27 21:06:03,010",
            "thread_id": "8184",
            "caller": "0x7386aa35",
            "parentcaller": "0x7386aa9a",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2179
          },
          {
            "timestamp": "2026-04-27 21:06:03,010",
            "thread_id": "8184",
            "caller": "0x772761f1",
            "parentcaller": "0x7386ab1a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08171000"
              },
              {
                "name": "RegionSize",
                "value": "0x000fa000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2180
          },
          {
            "timestamp": "2026-04-27 21:06:03,010",
            "thread_id": "6700",
            "caller": "0x051e8276",
            "parentcaller": "0x051e77d2",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "6648"
              },
              {
                "name": "ThreadId",
                "value": "8184"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ApcRoutine",
                "value": "0x77e6c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 2181
          },
          {
            "timestamp": "2026-04-27 21:06:03,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2182
          },
          {
            "timestamp": "2026-04-27 21:06:03,072",
            "thread_id": "6700",
            "caller": "0x051e837f",
            "parentcaller": "0x051e7833",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "6648"
              },
              {
                "name": "ThreadId",
                "value": "8184"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ApcRoutine",
                "value": "0x77e6c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 2183
          },
          {
            "timestamp": "2026-04-27 21:06:03,088",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2184
          },
          {
            "timestamp": "2026-04-27 21:06:03,150",
            "thread_id": "8184",
            "caller": "0x77276987",
            "parentcaller": "0x76ad0f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7394890c"
              },
              {
                "name": "Parameter",
                "value": "0x00ac7550"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "7312"
              },
              {
                "name": "ProcessId",
                "value": "6648"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 2185
          },
          {
            "timestamp": "2026-04-27 21:06:03,150",
            "thread_id": "8184",
            "caller": "0x77276987",
            "parentcaller": "0x76ad0f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x0000050c",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x7394890c"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "Parameter",
                "value": "0x00ac7550"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "7312"
              }
            ],
            "repeated": 0,
            "id": 2186
          },
          {
            "timestamp": "2026-04-27 21:06:03,150",
            "thread_id": "8184",
            "caller": "0x7727d303",
            "parentcaller": "0x7386ba5f",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000050c"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "7312"
              },
              {
                "name": "ProcessId",
                "value": "6648"
              }
            ],
            "repeated": 0,
            "id": 2187
          },
          {
            "timestamp": "2026-04-27 21:06:03,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1000"
              }
            ],
            "repeated": 0,
            "id": 2188
          },
          {
            "timestamp": "2026-04-27 21:06:03,166",
            "thread_id": "7312",
            "caller": "0x7726f231",
            "parentcaller": "0x73742c18",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 2,
            "id": 2189
          },
          {
            "timestamp": "2026-04-27 21:06:03,166",
            "thread_id": "7312",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2190
          },
          {
            "timestamp": "2026-04-27 21:06:03,166",
            "thread_id": "7312",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2191
          },
          {
            "timestamp": "2026-04-27 21:06:03,166",
            "thread_id": "7312",
            "caller": "0x7386aa35",
            "parentcaller": "0x7386aa9a",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2192
          },
          {
            "timestamp": "2026-04-27 21:06:03,166",
            "thread_id": "7312",
            "caller": "0x772761f1",
            "parentcaller": "0x7386ab1a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x082b1000"
              },
              {
                "name": "RegionSize",
                "value": "0x000fa000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2193
          },
          {
            "timestamp": "2026-04-27 21:06:03,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2194
          },
          {
            "timestamp": "2026-04-27 21:06:03,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2195
          },
          {
            "timestamp": "2026-04-27 21:06:03,166",
            "thread_id": "7312",
            "caller": "0x772765db",
            "parentcaller": "0x73947ec0",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x90\\x00\\xf8\\x19\\x00\\x00\\x90\\x1c\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7312"
              }
            ],
            "repeated": 0,
            "id": 2196
          },
          {
            "timestamp": "2026-04-27 21:06:03,166",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2197
          },
          {
            "timestamp": "2026-04-27 21:06:03,166",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2198
          },
          {
            "timestamp": "2026-04-27 21:06:03,166",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2199
          },
          {
            "timestamp": "2026-04-27 21:06:03,166",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051e8707",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2200
          },
          {
            "timestamp": "2026-04-27 21:06:03,166",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07804000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2201
          },
          {
            "timestamp": "2026-04-27 21:06:03,166",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08122000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2202
          },
          {
            "timestamp": "2026-04-27 21:06:03,166",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2203
          },
          {
            "timestamp": "2026-04-27 21:06:03,182",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2204
          },
          {
            "timestamp": "2026-04-27 21:06:03,182",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2205
          },
          {
            "timestamp": "2026-04-27 21:06:03,197",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2206
          },
          {
            "timestamp": "2026-04-27 21:06:03,197",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2207
          },
          {
            "timestamp": "2026-04-27 21:06:03,197",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "44"
              }
            ],
            "repeated": 0,
            "id": 2208
          },
          {
            "timestamp": "2026-04-27 21:06:03,197",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              }
            ],
            "repeated": 0,
            "id": 2209
          },
          {
            "timestamp": "2026-04-27 21:06:03,197",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlGetSystemTimeAndBias"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77ec7190"
              }
            ],
            "repeated": 0,
            "id": 2210
          },
          {
            "timestamp": "2026-04-27 21:06:03,197",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\tzres.dll"
              }
            ],
            "repeated": 0,
            "id": 2211
          },
          {
            "timestamp": "2026-04-27 21:06:03,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e84cb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2212
          },
          {
            "timestamp": "2026-04-27 21:06:03,197",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\tzres.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2213
          },
          {
            "timestamp": "2026-04-27 21:06:03,197",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000005",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000518"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\tzres.dll"
              }
            ],
            "repeated": 0,
            "id": 2214
          },
          {
            "timestamp": "2026-04-27 21:06:03,197",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00003000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2215
          },
          {
            "timestamp": "2026-04-27 21:06:03,197",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 2216
          },
          {
            "timestamp": "2026-04-27 21:06:03,197",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 2217
          },
          {
            "timestamp": "2026-04-27 21:06:03,197",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 2218
          },
          {
            "timestamp": "2026-04-27 21:06:03,197",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
              }
            ],
            "repeated": 0,
            "id": 2219
          },
          {
            "timestamp": "2026-04-27 21:06:03,197",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 2220
          },
          {
            "timestamp": "2026-04-27 21:06:03,197",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2221
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000051c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000518"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2222
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000051c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x083adf20"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2223
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000051c"
              }
            ],
            "repeated": 0,
            "id": 2224
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              }
            ],
            "repeated": 0,
            "id": 2225
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 2226
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2227
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\sysnative\\ru-RU\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2228
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000518"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2229
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x083adf20"
              },
              {
                "name": "ViewSize",
                "value": "0x0000b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2230
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 2231
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              }
            ],
            "repeated": 0,
            "id": 2232
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 2233
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              }
            ],
            "repeated": 0,
            "id": 2234
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\tzres.dll"
              }
            ],
            "repeated": 0,
            "id": 2235
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\tzres.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2236
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000005",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000518"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\tzres.dll"
              }
            ],
            "repeated": 0,
            "id": 2237
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00003000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2238
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 2239
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 2240
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 2241
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000518"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
              }
            ],
            "repeated": 0,
            "id": 2242
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 2243
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2244
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000518"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2245
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x083adf20"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2246
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 2247
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              }
            ],
            "repeated": 0,
            "id": 2248
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 2249
          },
          {
            "timestamp": "2026-04-27 21:06:03,213",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2250
          },
          {
            "timestamp": "2026-04-27 21:06:03,244",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000520"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\sysnative\\ru-RU\\tzres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 2251
          },
          {
            "timestamp": "2026-04-27 21:06:03,244",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000518"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000520"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ru-RU\\tzres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 2252
          },
          {
            "timestamp": "2026-04-27 21:06:03,244",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000518"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x083adf20"
              },
              {
                "name": "ViewSize",
                "value": "0x0000b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2253
          },
          {
            "timestamp": "2026-04-27 21:06:03,244",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000518"
              }
            ],
            "repeated": 0,
            "id": 2254
          },
          {
            "timestamp": "2026-04-27 21:06:03,260",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              }
            ],
            "repeated": 0,
            "id": 2255
          },
          {
            "timestamp": "2026-04-27 21:06:03,260",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 2256
          },
          {
            "timestamp": "2026-04-27 21:06:03,260",
            "thread_id": "7312",
            "caller": "0x051e88b5",
            "parentcaller": "0x051e8707",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              }
            ],
            "repeated": 0,
            "id": 2257
          },
          {
            "timestamp": "2026-04-27 21:06:03,260",
            "thread_id": "7312",
            "caller": "0x051e88c7",
            "parentcaller": "0x051e8707",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "44"
              }
            ],
            "repeated": 0,
            "id": 2258
          },
          {
            "timestamp": "2026-04-27 21:06:03,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2259
          },
          {
            "timestamp": "2026-04-27 21:06:03,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2260
          },
          {
            "timestamp": "2026-04-27 21:06:03,275",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e84cb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051e9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2261
          },
          {
            "timestamp": "2026-04-27 21:06:03,275",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e84cb",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2262
          },
          {
            "timestamp": "2026-04-27 21:06:03,275",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e84cb",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2263
          },
          {
            "timestamp": "2026-04-27 21:06:03,275",
            "thread_id": "6700",
            "caller": "0x051e9190",
            "parentcaller": "0x051e8af1",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2264
          },
          {
            "timestamp": "2026-04-27 21:06:03,275",
            "thread_id": "6700",
            "caller": "0x051e9190",
            "parentcaller": "0x051e8af1",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000520"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2265
          },
          {
            "timestamp": "2026-04-27 21:06:03,275",
            "thread_id": "6700",
            "caller": "0x051e9190",
            "parentcaller": "0x051e8af1",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000520"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007de324"
              },
              {
                "name": "ViewSize",
                "value": "0x00019000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2266
          },
          {
            "timestamp": "2026-04-27 21:06:03,275",
            "thread_id": "6700",
            "caller": "0x051e9190",
            "parentcaller": "0x051e8af1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000520"
              }
            ],
            "repeated": 0,
            "id": 2267
          },
          {
            "timestamp": "2026-04-27 21:06:03,275",
            "thread_id": "6700",
            "caller": "0x051e9190",
            "parentcaller": "0x051e8af1",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2268
          },
          {
            "timestamp": "2026-04-27 21:06:03,275",
            "thread_id": "6700",
            "caller": "0x051e9190",
            "parentcaller": "0x051e8af1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08123000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2269
          },
          {
            "timestamp": "2026-04-27 21:06:03,275",
            "thread_id": "6700",
            "caller": "0x051e9190",
            "parentcaller": "0x051e8af1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08124000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2270
          },
          {
            "timestamp": "2026-04-27 21:06:03,291",
            "thread_id": "6700",
            "caller": "0x051e9199",
            "parentcaller": "0x051e8af1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07805000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2271
          },
          {
            "timestamp": "2026-04-27 21:06:03,291",
            "thread_id": "6700",
            "caller": "0x051e9199",
            "parentcaller": "0x051e8af1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08125000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2272
          },
          {
            "timestamp": "2026-04-27 21:06:03,322",
            "thread_id": "6700",
            "caller": "0x051e9199",
            "parentcaller": "0x051e8af1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07806000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2273
          },
          {
            "timestamp": "2026-04-27 21:06:03,322",
            "thread_id": "6700",
            "caller": "0x051e9199",
            "parentcaller": "0x051e8af1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08126000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2274
          },
          {
            "timestamp": "2026-04-27 21:06:03,353",
            "thread_id": "6700",
            "caller": "0x051e9199",
            "parentcaller": "0x051e8af1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07807000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2275
          },
          {
            "timestamp": "2026-04-27 21:06:03,369",
            "thread_id": "6700",
            "caller": "0x051e9199",
            "parentcaller": "0x051e8af1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0292e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2276
          },
          {
            "timestamp": "2026-04-27 21:06:03,385",
            "thread_id": "6700",
            "caller": "0x051e962c",
            "parentcaller": "0x051e94c5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x055d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2277
          },
          {
            "timestamp": "2026-04-27 21:06:03,478",
            "thread_id": "6700",
            "caller": "0x051e94e4",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2278
          },
          {
            "timestamp": "2026-04-27 21:06:03,494",
            "thread_id": "6700",
            "caller": "0x051e94e4",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b03000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2279
          },
          {
            "timestamp": "2026-04-27 21:06:03,494",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e943d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2280
          },
          {
            "timestamp": "2026-04-27 21:06:03,494",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e943d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2281
          },
          {
            "timestamp": "2026-04-27 21:06:03,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e943d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2282
          },
          {
            "timestamp": "2026-04-27 21:06:03,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e943d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2283
          },
          {
            "timestamp": "2026-04-27 21:06:03,541",
            "thread_id": "6700",
            "caller": "0x051e972c",
            "parentcaller": "0x051e943d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b04000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2284
          },
          {
            "timestamp": "2026-04-27 21:06:03,541",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e9fa6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08127000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2285
          },
          {
            "timestamp": "2026-04-27 21:06:03,588",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e9fe1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051ea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2286
          },
          {
            "timestamp": "2026-04-27 21:06:03,603",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e98ff",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2287
          },
          {
            "timestamp": "2026-04-27 21:06:03,603",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e98ff",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2288
          },
          {
            "timestamp": "2026-04-27 21:06:03,603",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e935f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2289
          },
          {
            "timestamp": "2026-04-27 21:06:03,603",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e935f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebf410"
              }
            ],
            "repeated": 0,
            "id": 2290
          },
          {
            "timestamp": "2026-04-27 21:06:03,603",
            "thread_id": "6700",
            "caller": "0x0290afec",
            "parentcaller": "0x051e935f",
            "category": "misc",
            "api": "GetUserNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Name",
                "value": "cape"
              }
            ],
            "repeated": 0,
            "id": 2291
          },
          {
            "timestamp": "2026-04-27 21:06:03,635",
            "thread_id": "6700",
            "caller": "0x051eaf1e",
            "parentcaller": "0x051eae93",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "6648"
              },
              {
                "name": "ThreadId",
                "value": "8184"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ApcRoutine",
                "value": "0x77e6c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 2292
          },
          {
            "timestamp": "2026-04-27 21:06:03,650",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "391"
              }
            ],
            "repeated": 0,
            "id": 2293
          },
          {
            "timestamp": "2026-04-27 21:06:03,822",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eafe2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051eb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2294
          },
          {
            "timestamp": "2026-04-27 21:06:03,838",
            "thread_id": "6700",
            "caller": "0x051eb04f",
            "parentcaller": "0x051e93a8",
            "category": "threading",
            "api": "NtQueueApcThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessId",
                "value": "6648"
              },
              {
                "name": "ThreadId",
                "value": "8184"
              },
              {
                "name": "ThreadHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ApcRoutine",
                "value": "0x77e6c070"
              },
              {
                "name": "Module",
                "value": "ntdll.dll"
              },
              {
                "name": "Name",
                "value": "RtlDispatchAPC"
              }
            ],
            "repeated": 0,
            "id": 2295
          },
          {
            "timestamp": "2026-04-27 21:06:03,885",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2296
          },
          {
            "timestamp": "2026-04-27 21:06:03,885",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2297
          },
          {
            "timestamp": "2026-04-27 21:06:03,885",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2298
          },
          {
            "timestamp": "2026-04-27 21:06:03,885",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x083d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2299
          },
          {
            "timestamp": "2026-04-27 21:06:03,885",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051eb131",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetForegroundWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d515b0"
              }
            ],
            "repeated": 0,
            "id": 2300
          },
          {
            "timestamp": "2026-04-27 21:06:03,885",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051eb170",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowThreadProcessId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d4a660"
              }
            ],
            "repeated": 0,
            "id": 2301
          },
          {
            "timestamp": "2026-04-27 21:06:03,885",
            "thread_id": "7312",
            "caller": "0x02902420",
            "parentcaller": "0x051eb0c7",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 7,
            "id": 2302
          },
          {
            "timestamp": "2026-04-27 21:06:04,072",
            "thread_id": "8184",
            "caller": "0x77276987",
            "parentcaller": "0x76ad0f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000524"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7381cbab"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "8048"
              },
              {
                "name": "ProcessId",
                "value": "6648"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 2303
          },
          {
            "timestamp": "2026-04-27 21:06:04,072",
            "thread_id": "8184",
            "caller": "0x77276987",
            "parentcaller": "0x76ad0f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x00000524",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x7381cbab"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "8048"
              }
            ],
            "repeated": 0,
            "id": 2304
          },
          {
            "timestamp": "2026-04-27 21:06:04,072",
            "thread_id": "8184",
            "caller": "0x7727d303",
            "parentcaller": "0x738b5d44",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000524"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "8048"
              },
              {
                "name": "ProcessId",
                "value": "6648"
              }
            ],
            "repeated": 0,
            "id": 2305
          },
          {
            "timestamp": "2026-04-27 21:06:04,072",
            "thread_id": "8184",
            "caller": "0x7726269a",
            "parentcaller": "0x738b5d4b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 2306
          },
          {
            "timestamp": "2026-04-27 21:06:04,072",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2307
          },
          {
            "timestamp": "2026-04-27 21:06:04,072",
            "thread_id": "7312",
            "caller": "0x02902420",
            "parentcaller": "0x051eb0c7",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2308
          },
          {
            "timestamp": "2026-04-27 21:06:04,072",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e93c0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07808000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2309
          },
          {
            "timestamp": "2026-04-27 21:06:04,072",
            "thread_id": "8048",
            "caller": "0x7726f231",
            "parentcaller": "0x73742c18",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 2,
            "id": 2310
          },
          {
            "timestamp": "2026-04-27 21:06:04,072",
            "thread_id": "8048",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2311
          },
          {
            "timestamp": "2026-04-27 21:06:04,072",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08510000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2312
          },
          {
            "timestamp": "2026-04-27 21:06:04,072",
            "thread_id": "8048",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2313
          },
          {
            "timestamp": "2026-04-27 21:06:04,072",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2314
          },
          {
            "timestamp": "2026-04-27 21:06:04,072",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08510000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2315
          },
          {
            "timestamp": "2026-04-27 21:06:04,072",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eb396",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08128000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2316
          },
          {
            "timestamp": "2026-04-27 21:06:04,072",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e93cf",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\Logs\\cape"
              }
            ],
            "repeated": 0,
            "id": 2317
          },
          {
            "timestamp": "2026-04-27 21:06:04,072",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e93cf",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\Logs"
              }
            ],
            "repeated": 0,
            "id": 2318
          },
          {
            "timestamp": "2026-04-27 21:06:04,072",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e93cf",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD"
              }
            ],
            "repeated": 0,
            "id": 2319
          },
          {
            "timestamp": "2026-04-27 21:06:04,072",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e93cf",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Roaming"
              }
            ],
            "repeated": 0,
            "id": 2320
          },
          {
            "timestamp": "2026-04-27 21:06:04,088",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e93cf",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData"
              }
            ],
            "repeated": 0,
            "id": 2321
          },
          {
            "timestamp": "2026-04-27 21:06:04,088",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e93cf",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape"
              }
            ],
            "repeated": 0,
            "id": 2322
          },
          {
            "timestamp": "2026-04-27 21:06:04,088",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x051e93cf",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users"
              }
            ],
            "repeated": 0,
            "id": 2323
          },
          {
            "timestamp": "2026-04-27 21:06:04,088",
            "thread_id": "6700",
            "caller": "0x051e93cf",
            "parentcaller": "0x051e92b7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x055e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2324
          },
          {
            "timestamp": "2026-04-27 21:06:04,088",
            "thread_id": "6700",
            "caller": "0x077f07a1",
            "parentcaller": "0x051e93cf",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\Logs"
              }
            ],
            "repeated": 0,
            "id": 2325
          },
          {
            "timestamp": "2026-04-27 21:06:04,088",
            "thread_id": "6700",
            "caller": "0x077f07a1",
            "parentcaller": "0x051e93cf",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\Logs\\cape"
              }
            ],
            "repeated": 0,
            "id": 2326
          },
          {
            "timestamp": "2026-04-27 21:06:04,088",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e93d5",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "NI\\a054161\\46043f61"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\a054161\\46043f61"
              }
            ],
            "repeated": 0,
            "id": 2327
          },
          {
            "timestamp": "2026-04-27 21:06:04,088",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e93d5",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/"
              }
            ],
            "repeated": 0,
            "id": 2328
          },
          {
            "timestamp": "2026-04-27 21:06:04,088",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e93d5",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/Lzma#.DLL"
              }
            ],
            "repeated": 0,
            "id": 2329
          },
          {
            "timestamp": "2026-04-27 21:06:04,088",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e93d5",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/Lzma#/Lzma#.DLL"
              }
            ],
            "repeated": 0,
            "id": 2330
          },
          {
            "timestamp": "2026-04-27 21:06:04,088",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e93d5",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/"
              }
            ],
            "repeated": 0,
            "id": 2331
          },
          {
            "timestamp": "2026-04-27 21:06:04,088",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e93d5",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/Lzma#.EXE"
              }
            ],
            "repeated": 0,
            "id": 2332
          },
          {
            "timestamp": "2026-04-27 21:06:04,088",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e93d5",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/Lzma#/Lzma#.EXE"
              }
            ],
            "repeated": 0,
            "id": 2333
          },
          {
            "timestamp": "2026-04-27 21:06:04,088",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e93d5",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\Lzma#.dll"
              }
            ],
            "repeated": 0,
            "id": 2334
          },
          {
            "timestamp": "2026-04-27 21:06:04,088",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e93d5",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\Lzma#\\Lzma#.dll"
              }
            ],
            "repeated": 0,
            "id": 2335
          },
          {
            "timestamp": "2026-04-27 21:06:04,103",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e93d5",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\Lzma#.exe"
              }
            ],
            "repeated": 0,
            "id": 2336
          },
          {
            "timestamp": "2026-04-27 21:06:04,103",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051e93d5",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\Lzma#\\Lzma#.exe"
              }
            ],
            "repeated": 0,
            "id": 2337
          },
          {
            "timestamp": "2026-04-27 21:06:04,103",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08510000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2338
          },
          {
            "timestamp": "2026-04-27 21:06:04,103",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08510000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2339
          },
          {
            "timestamp": "2026-04-27 21:06:04,103",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eb76b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08510000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2340
          },
          {
            "timestamp": "2026-04-27 21:06:04,103",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eb76b",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08510000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2341
          },
          {
            "timestamp": "2026-04-27 21:06:04,103",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eb7ea",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08510000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2342
          },
          {
            "timestamp": "2026-04-27 21:06:04,103",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eb7ea",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08510000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2343
          },
          {
            "timestamp": "2026-04-27 21:06:04,103",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "NI\\219e9581\\3b405a35"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\219e9581\\3b405a35"
              }
            ],
            "repeated": 0,
            "id": 2344
          },
          {
            "timestamp": "2026-04-27 21:06:04,103",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/"
              }
            ],
            "repeated": 0,
            "id": 2345
          },
          {
            "timestamp": "2026-04-27 21:06:04,103",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ru-RU/SurveillanceExClientPlugin.resources.DLL"
              }
            ],
            "repeated": 0,
            "id": 2346
          },
          {
            "timestamp": "2026-04-27 21:06:04,103",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ru-RU/SurveillanceExClientPlugin.resources/SurveillanceExClientPlugin.resources.DLL"
              }
            ],
            "repeated": 0,
            "id": 2347
          },
          {
            "timestamp": "2026-04-27 21:06:04,103",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/"
              }
            ],
            "repeated": 0,
            "id": 2348
          },
          {
            "timestamp": "2026-04-27 21:06:04,103",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ru-RU/SurveillanceExClientPlugin.resources.EXE"
              }
            ],
            "repeated": 0,
            "id": 2349
          },
          {
            "timestamp": "2026-04-27 21:06:04,103",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ru-RU/SurveillanceExClientPlugin.resources/SurveillanceExClientPlugin.resources.EXE"
              }
            ],
            "repeated": 0,
            "id": 2350
          },
          {
            "timestamp": "2026-04-27 21:06:04,103",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\SurveillanceExClientPlugin.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 2351
          },
          {
            "timestamp": "2026-04-27 21:06:04,119",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\SurveillanceExClientPlugin.resources\\SurveillanceExClientPlugin.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 2352
          },
          {
            "timestamp": "2026-04-27 21:06:04,119",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\SurveillanceExClientPlugin.resources.exe"
              }
            ],
            "repeated": 0,
            "id": 2353
          },
          {
            "timestamp": "2026-04-27 21:06:04,119",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\SurveillanceExClientPlugin.resources\\SurveillanceExClientPlugin.resources.exe"
              }
            ],
            "repeated": 0,
            "id": 2354
          },
          {
            "timestamp": "2026-04-27 21:06:04,119",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "NI\\219e9581\\26de983b"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\219e9581\\26de983b"
              }
            ],
            "repeated": 0,
            "id": 2355
          },
          {
            "timestamp": "2026-04-27 21:06:04,119",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/"
              }
            ],
            "repeated": 0,
            "id": 2356
          },
          {
            "timestamp": "2026-04-27 21:06:04,119",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ru/SurveillanceExClientPlugin.resources.DLL"
              }
            ],
            "repeated": 0,
            "id": 2357
          },
          {
            "timestamp": "2026-04-27 21:06:04,119",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ru/SurveillanceExClientPlugin.resources/SurveillanceExClientPlugin.resources.DLL"
              }
            ],
            "repeated": 0,
            "id": 2358
          },
          {
            "timestamp": "2026-04-27 21:06:04,119",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/"
              }
            ],
            "repeated": 0,
            "id": 2359
          },
          {
            "timestamp": "2026-04-27 21:06:04,119",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ru/SurveillanceExClientPlugin.resources.EXE"
              }
            ],
            "repeated": 0,
            "id": 2360
          },
          {
            "timestamp": "2026-04-27 21:06:04,119",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/cape/AppData/Local/Temp/ru/SurveillanceExClientPlugin.resources/SurveillanceExClientPlugin.resources.EXE"
              }
            ],
            "repeated": 0,
            "id": 2361
          },
          {
            "timestamp": "2026-04-27 21:06:04,119",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru\\SurveillanceExClientPlugin.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 2362
          },
          {
            "timestamp": "2026-04-27 21:06:04,119",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru\\SurveillanceExClientPlugin.resources\\SurveillanceExClientPlugin.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 2363
          },
          {
            "timestamp": "2026-04-27 21:06:04,119",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru\\SurveillanceExClientPlugin.resources.exe"
              }
            ],
            "repeated": 0,
            "id": 2364
          },
          {
            "timestamp": "2026-04-27 21:06:04,119",
            "thread_id": "6700",
            "caller": "0x051eb76b",
            "parentcaller": "0x02910626",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\ru\\SurveillanceExClientPlugin.resources\\SurveillanceExClientPlugin.resources.exe"
              }
            ],
            "repeated": 0,
            "id": 2365
          },
          {
            "timestamp": "2026-04-27 21:06:04,119",
            "thread_id": "6700",
            "caller": "0x051eb772",
            "parentcaller": "0x02910626",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2366
          },
          {
            "timestamp": "2026-04-27 21:06:04,119",
            "thread_id": "6700",
            "caller": "0x051eb772",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000524"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2367
          },
          {
            "timestamp": "2026-04-27 21:06:04,119",
            "thread_id": "6700",
            "caller": "0x051eb772",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000524"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08510000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007db240"
              },
              {
                "name": "ViewSize",
                "value": "0x00003000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2368
          },
          {
            "timestamp": "2026-04-27 21:06:04,119",
            "thread_id": "6700",
            "caller": "0x051eb772",
            "parentcaller": "0x02910626",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 2369
          },
          {
            "timestamp": "2026-04-27 21:06:04,119",
            "thread_id": "6700",
            "caller": "0x051eb772",
            "parentcaller": "0x02910626",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2370
          },
          {
            "timestamp": "2026-04-27 21:06:04,119",
            "thread_id": "6700",
            "caller": "0x051eb772",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08129000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2371
          },
          {
            "timestamp": "2026-04-27 21:06:04,119",
            "thread_id": "6700",
            "caller": "0x051eb8ab",
            "parentcaller": "0x051e93d5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x055f2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2372
          },
          {
            "timestamp": "2026-04-27 21:06:04,135",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2373
          },
          {
            "timestamp": "2026-04-27 21:06:04,150",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x02902420",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "LookupPrivilegeValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2374
          },
          {
            "timestamp": "2026-04-27 21:06:04,150",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x02902420",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "LookupPrivilegeValueW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76eba000"
              }
            ],
            "repeated": 0,
            "id": 2375
          },
          {
            "timestamp": "2026-04-27 21:06:04,150",
            "thread_id": "7312",
            "caller": "0x077f1364",
            "parentcaller": "0x02902420",
            "category": "system",
            "api": "LookupPrivilegeValueW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "SystemName",
                "value": ""
              },
              {
                "name": "PrivilegeName",
                "value": "SeDebugPrivilege"
              }
            ],
            "repeated": 0,
            "id": 2376
          },
          {
            "timestamp": "2026-04-27 21:06:04,150",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x02902420",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebea30"
              }
            ],
            "repeated": 0,
            "id": 2377
          },
          {
            "timestamp": "2026-04-27 21:06:04,150",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x02902420",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessTokenW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2378
          },
          {
            "timestamp": "2026-04-27 21:06:04,150",
            "thread_id": "7312",
            "caller": "0x077f141c",
            "parentcaller": "0x02902420",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000020"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 2379
          },
          {
            "timestamp": "2026-04-27 21:06:04,150",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x02902420",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "AdjustTokenPrivileges"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebfe40"
              }
            ],
            "repeated": 0,
            "id": 2380
          },
          {
            "timestamp": "2026-04-27 21:06:04,150",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x02902420",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "AdjustTokenPrivilegesW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2381
          },
          {
            "timestamp": "2026-04-27 21:06:04,150",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x02902420",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CloseHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad2ee0"
              }
            ],
            "repeated": 0,
            "id": 2382
          },
          {
            "timestamp": "2026-04-27 21:06:04,150",
            "thread_id": "7312",
            "caller": "0x077f159e",
            "parentcaller": "0x02902420",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 2383
          },
          {
            "timestamp": "2026-04-27 21:06:04,150",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051eb0c7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\psapi.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2384
          },
          {
            "timestamp": "2026-04-27 21:06:04,150",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051eb0c7",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\psapi.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 2385
          },
          {
            "timestamp": "2026-04-27 21:06:04,150",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051eb0c7",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\psapi"
              },
              {
                "name": "DllBase",
                "value": "0x76a70000"
              }
            ],
            "repeated": 0,
            "id": 2386
          },
          {
            "timestamp": "2026-04-27 21:06:04,166",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eb9b5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07809000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2387
          },
          {
            "timestamp": "2026-04-27 21:06:04,182",
            "thread_id": "6700",
            "caller": "0x051ebe7a",
            "parentcaller": "0x051ebe46",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x065e1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00800000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2388
          },
          {
            "timestamp": "2026-04-27 21:06:04,182",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051ebec8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0812a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2389
          },
          {
            "timestamp": "2026-04-27 21:06:04,197",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051eb0c7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "psapi.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76a70000"
              }
            ],
            "repeated": 0,
            "id": 2390
          },
          {
            "timestamp": "2026-04-27 21:06:04,197",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051eb0c7",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76a70000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "psapi.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2391
          },
          {
            "timestamp": "2026-04-27 21:06:04,197",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051eb0c7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "psapi.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76a70000"
              },
              {
                "name": "FunctionName",
                "value": "EnumProcesses"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76a713c0"
              }
            ],
            "repeated": 0,
            "id": 2392
          },
          {
            "timestamp": "2026-04-27 21:06:04,197",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051eb0c7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "psapi.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76a70000"
              },
              {
                "name": "FunctionName",
                "value": "EnumProcessesW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2393
          },
          {
            "timestamp": "2026-04-27 21:06:04,197",
            "thread_id": "7312",
            "caller": "0x077f1658",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "K32EnumProcesses",
            "status": true,
            "return": "0x00000001",
            "arguments": [],
            "repeated": 0,
            "id": 2394
          },
          {
            "timestamp": "2026-04-27 21:06:04,197",
            "thread_id": "7312",
            "caller": "0x051eb184",
            "parentcaller": "0x051eb0c7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000050c"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x00\\x90\\x00\\xf8\\x19\\x00\\x00\\x90\\x1c\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7312"
              }
            ],
            "repeated": 0,
            "id": 2395
          },
          {
            "timestamp": "2026-04-27 21:06:04,197",
            "thread_id": "7312",
            "caller": "0x051eb184",
            "parentcaller": "0x051eb0c7",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 2396
          },
          {
            "timestamp": "2026-04-27 21:06:04,197",
            "thread_id": "7312",
            "caller": "0x051eb184",
            "parentcaller": "0x051eb0c7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GlobalMemoryStatusEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad1de0"
              }
            ],
            "repeated": 0,
            "id": 2397
          },
          {
            "timestamp": "2026-04-27 21:06:04,197",
            "thread_id": "7312",
            "caller": "0x051eb184",
            "parentcaller": "0x051eb0c7",
            "category": "misc",
            "api": "GlobalMemoryStatusEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MemoryLoad",
                "value": "25"
              },
              {
                "name": "TotalPhysicalMB",
                "value": "8191"
              }
            ],
            "repeated": 0,
            "id": 2398
          },
          {
            "timestamp": "2026-04-27 21:06:04,197",
            "thread_id": "7312",
            "caller": "0x051eb184",
            "parentcaller": "0x051eb0c7",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 2399
          },
          {
            "timestamp": "2026-04-27 21:06:04,213",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2400
          },
          {
            "timestamp": "2026-04-27 21:06:04,213",
            "thread_id": "7312",
            "caller": "0x051eb184",
            "parentcaller": "0x051eb0c7",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 2401
          },
          {
            "timestamp": "2026-04-27 21:06:04,228",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051ebdb5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2402
          },
          {
            "timestamp": "2026-04-27 21:06:04,228",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051ebdb5",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2403
          },
          {
            "timestamp": "2026-04-27 21:06:04,260",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2404
          },
          {
            "timestamp": "2026-04-27 21:06:04,291",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 2405
          },
          {
            "timestamp": "2026-04-27 21:06:04,369",
            "thread_id": "7312",
            "caller": "0x051eb184",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06568000"
              },
              {
                "name": "RegionSize",
                "value": "0x00041000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2406
          },
          {
            "timestamp": "2026-04-27 21:06:04,369",
            "thread_id": "4036",
            "caller": "0x72e73ec7",
            "parentcaller": "0x737e1b8c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              }
            ],
            "repeated": 0,
            "id": 2407
          },
          {
            "timestamp": "2026-04-27 21:06:04,369",
            "thread_id": "4036",
            "caller": "0x73c0f621",
            "parentcaller": "0x72e3a26a",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a833b8"
              }
            ],
            "repeated": 0,
            "id": 2408
          },
          {
            "timestamp": "2026-04-27 21:06:04,369",
            "thread_id": "4036",
            "caller": "0x73c0f621",
            "parentcaller": "0x72e3a26a",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83378"
              }
            ],
            "repeated": 0,
            "id": 2409
          },
          {
            "timestamp": "2026-04-27 21:06:04,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 2410
          },
          {
            "timestamp": "2026-04-27 21:06:04,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000470"
              }
            ],
            "repeated": 0,
            "id": 2411
          },
          {
            "timestamp": "2026-04-27 21:06:04,369",
            "thread_id": "4036",
            "caller": "0x72e73ec7",
            "parentcaller": "0x737e1b8c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003fc"
              }
            ],
            "repeated": 0,
            "id": 2412
          },
          {
            "timestamp": "2026-04-27 21:06:04,369",
            "thread_id": "4036",
            "caller": "0x73c0f621",
            "parentcaller": "0x72e3a26a",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a838b8"
              }
            ],
            "repeated": 0,
            "id": 2413
          },
          {
            "timestamp": "2026-04-27 21:06:04,369",
            "thread_id": "4036",
            "caller": "0x72e73ec7",
            "parentcaller": "0x737e1b8c",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000434"
              }
            ],
            "repeated": 0,
            "id": 2414
          },
          {
            "timestamp": "2026-04-27 21:06:04,369",
            "thread_id": "4036",
            "caller": "0x73c0f621",
            "parentcaller": "0x72e3a26a",
            "category": "crypto",
            "api": "CryptDestroyHash",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptHash",
                "value": "0x00a83cb8"
              }
            ],
            "repeated": 0,
            "id": 2415
          },
          {
            "timestamp": "2026-04-27 21:06:04,369",
            "thread_id": "4036",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2416
          },
          {
            "timestamp": "2026-04-27 21:06:04,369",
            "thread_id": "4036",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              },
              {
                "name": "Milliseconds",
                "value": "2000"
              }
            ],
            "repeated": 0,
            "id": 2417
          },
          {
            "timestamp": "2026-04-27 21:06:04,369",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051eb184",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2418
          },
          {
            "timestamp": "2026-04-27 21:06:04,369",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051eb184",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\ntdll.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 2419
          },
          {
            "timestamp": "2026-04-27 21:06:04,369",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051eb184",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x77e40000"
              }
            ],
            "repeated": 0,
            "id": 2420
          },
          {
            "timestamp": "2026-04-27 21:06:04,369",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051eb184",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x77e40000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ntdll.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2421
          },
          {
            "timestamp": "2026-04-27 21:06:04,369",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051eb184",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "NtQuerySystemInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77eb2df0"
              }
            ],
            "repeated": 0,
            "id": 2422
          },
          {
            "timestamp": "2026-04-27 21:06:04,369",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051eb184",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "NtQuerySystemInformationW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2423
          },
          {
            "timestamp": "2026-04-27 21:06:04,369",
            "thread_id": "7312",
            "caller": "0x077f1717",
            "parentcaller": "0x051eb184",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": false,
            "return": "0xffffffffc0000004",
            "pretty_return": "INFO_LENGTH_MISMATCH",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              }
            ],
            "repeated": 0,
            "id": 2424
          },
          {
            "timestamp": "2026-04-27 21:06:04,369",
            "thread_id": "7312",
            "caller": "0x051eb184",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06de1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00037000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2425
          },
          {
            "timestamp": "2026-04-27 21:06:04,369",
            "thread_id": "7312",
            "caller": "0x077f1717",
            "parentcaller": "0x051eb184",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              }
            ],
            "repeated": 0,
            "id": 2426
          },
          {
            "timestamp": "2026-04-27 21:06:04,385",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051ebdb5",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2427
          },
          {
            "timestamp": "2026-04-27 21:06:04,385",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eba88",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08620000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2428
          },
          {
            "timestamp": "2026-04-27 21:06:04,400",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eba88",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2429
          },
          {
            "timestamp": "2026-04-27 21:06:04,400",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eba88",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2430
          },
          {
            "timestamp": "2026-04-27 21:06:04,400",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eba88",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08620000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2431
          },
          {
            "timestamp": "2026-04-27 21:06:04,416",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2432
          },
          {
            "timestamp": "2026-04-27 21:06:04,432",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051ec7ca",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051ed000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2433
          },
          {
            "timestamp": "2026-04-27 21:06:04,447",
            "thread_id": "6700",
            "caller": "0x051eb8fd",
            "parentcaller": "0x051e93d5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06e18000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2434
          },
          {
            "timestamp": "2026-04-27 21:06:04,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2435
          },
          {
            "timestamp": "2026-04-27 21:06:04,478",
            "thread_id": "6700",
            "caller": "0x051ed205",
            "parentcaller": "0x051eb909",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05602000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2436
          },
          {
            "timestamp": "2026-04-27 21:06:04,478",
            "thread_id": "6700",
            "caller": "0x051ed205",
            "parentcaller": "0x051eb909",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05612000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2437
          },
          {
            "timestamp": "2026-04-27 21:06:04,478",
            "thread_id": "6700",
            "caller": "0x051ed205",
            "parentcaller": "0x051eb909",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05622000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2438
          },
          {
            "timestamp": "2026-04-27 21:06:04,478",
            "thread_id": "6700",
            "caller": "0x051ed205",
            "parentcaller": "0x051eb909",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05632000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2439
          },
          {
            "timestamp": "2026-04-27 21:06:04,478",
            "thread_id": "6700",
            "caller": "0x051ed3cf",
            "parentcaller": "0x051ed35a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05642000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2440
          },
          {
            "timestamp": "2026-04-27 21:06:04,478",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051ed3f8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0812b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2441
          },
          {
            "timestamp": "2026-04-27 21:06:04,494",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051eb194",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetKeyboardLayout"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d4f170"
              }
            ],
            "repeated": 0,
            "id": 2442
          },
          {
            "timestamp": "2026-04-27 21:06:04,494",
            "thread_id": "7312",
            "caller": "0x0290a3a6",
            "parentcaller": "0x051eb194",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 2443
          },
          {
            "timestamp": "2026-04-27 21:06:04,494",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051eb202",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowText"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2444
          },
          {
            "timestamp": "2026-04-27 21:06:04,494",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x051eb202",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowTextW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d49d50"
              }
            ],
            "repeated": 0,
            "id": 2445
          },
          {
            "timestamp": "2026-04-27 21:06:04,494",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 2446
          },
          {
            "timestamp": "2026-04-27 21:06:04,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2447
          },
          {
            "timestamp": "2026-04-27 21:06:04,494",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2448
          },
          {
            "timestamp": "2026-04-27 21:06:04,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2449
          },
          {
            "timestamp": "2026-04-27 21:06:04,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2450
          },
          {
            "timestamp": "2026-04-27 21:06:04,525",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2451
          },
          {
            "timestamp": "2026-04-27 21:06:04,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2452
          },
          {
            "timestamp": "2026-04-27 21:06:04,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2453
          },
          {
            "timestamp": "2026-04-27 21:06:04,588",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2454
          },
          {
            "timestamp": "2026-04-27 21:06:04,588",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc0f",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2455
          },
          {
            "timestamp": "2026-04-27 21:06:04,588",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2456
          },
          {
            "timestamp": "2026-04-27 21:06:04,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2457
          },
          {
            "timestamp": "2026-04-27 21:06:04,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2458
          },
          {
            "timestamp": "2026-04-27 21:06:04,650",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2459
          },
          {
            "timestamp": "2026-04-27 21:06:04,650",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051ede3f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051ee000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2460
          },
          {
            "timestamp": "2026-04-27 21:06:04,650",
            "thread_id": "6700",
            "caller": "0x051edfc1",
            "parentcaller": "0x051ede3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77060000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateGuid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77bf6f40"
              }
            ],
            "repeated": 0,
            "id": 2461
          },
          {
            "timestamp": "2026-04-27 21:06:04,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\ws2_32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2462
          },
          {
            "timestamp": "2026-04-27 21:06:04,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\ws2_32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 2463
          },
          {
            "timestamp": "2026-04-27 21:06:04,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ws2_32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76640000"
              }
            ],
            "repeated": 0,
            "id": 2464
          },
          {
            "timestamp": "2026-04-27 21:06:04,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76640000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ws2_32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2465
          },
          {
            "timestamp": "2026-04-27 21:06:04,682",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76640000"
              },
              {
                "name": "FunctionName",
                "value": "WSAStartup"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76649cc0"
              }
            ],
            "repeated": 0,
            "id": 2466
          },
          {
            "timestamp": "2026-04-27 21:06:04,682",
            "thread_id": "6700",
            "caller": "0x0290a110",
            "parentcaller": "0x051edcea",
            "category": "network",
            "api": "WSAStartup",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "VersionRequested",
                "value": "0x00000202"
              }
            ],
            "repeated": 0,
            "id": 2467
          },
          {
            "timestamp": "2026-04-27 21:06:04,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2468
          },
          {
            "timestamp": "2026-04-27 21:06:04,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2469
          },
          {
            "timestamp": "2026-04-27 21:06:04,713",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2470
          },
          {
            "timestamp": "2026-04-27 21:06:04,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2471
          },
          {
            "timestamp": "2026-04-27 21:06:04,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2472
          },
          {
            "timestamp": "2026-04-27 21:06:04,775",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2473
          },
          {
            "timestamp": "2026-04-27 21:06:04,775",
            "thread_id": "6700",
            "caller": "0x0290aab3",
            "parentcaller": "0x02902420",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion"
              },
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion"
              }
            ],
            "repeated": 0,
            "id": 2474
          },
          {
            "timestamp": "2026-04-27 21:06:04,775",
            "thread_id": "6700",
            "caller": "0x0290abb6",
            "parentcaller": "0x02902420",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "ValueName",
                "value": "InstallationType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\InstallationType"
              }
            ],
            "repeated": 0,
            "id": 2475
          },
          {
            "timestamp": "2026-04-27 21:06:04,775",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02902420",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2476
          },
          {
            "timestamp": "2026-04-27 21:06:04,775",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02902420",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebe8e0"
              }
            ],
            "repeated": 0,
            "id": 2477
          },
          {
            "timestamp": "2026-04-27 21:06:04,775",
            "thread_id": "6700",
            "caller": "0x077f18e0",
            "parentcaller": "0x02902420",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "ValueName",
                "value": "InstallationType"
              },
              {
                "name": "Data",
                "value": "Client"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\InstallationType"
              }
            ],
            "repeated": 0,
            "id": 2478
          },
          {
            "timestamp": "2026-04-27 21:06:04,775",
            "thread_id": "6700",
            "caller": "0x02902420",
            "parentcaller": "0x051edcea",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              }
            ],
            "repeated": 0,
            "id": 2479
          },
          {
            "timestamp": "2026-04-27 21:06:04,775",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76640000"
              },
              {
                "name": "FunctionName",
                "value": "WSASocket"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2480
          },
          {
            "timestamp": "2026-04-27 21:06:04,775",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76640000"
              },
              {
                "name": "FunctionName",
                "value": "WSASocketW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7664cbc0"
              }
            ],
            "repeated": 0,
            "id": 2481
          },
          {
            "timestamp": "2026-04-27 21:06:04,775",
            "thread_id": "6700",
            "caller": "0x077f1974",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76640000"
              },
              {
                "name": "FunctionName",
                "value": "setsockopt"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7664f070"
              }
            ],
            "repeated": 0,
            "id": 2482
          },
          {
            "timestamp": "2026-04-27 21:06:04,775",
            "thread_id": "6700",
            "caller": "0x077f1974",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76640000"
              },
              {
                "name": "FunctionName",
                "value": "WSAEventSelect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7664c860"
              }
            ],
            "repeated": 0,
            "id": 2483
          },
          {
            "timestamp": "2026-04-27 21:06:04,775",
            "thread_id": "6700",
            "caller": "0x077f1974",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76640000"
              },
              {
                "name": "FunctionName",
                "value": "ioctlsocket"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76652520"
              }
            ],
            "repeated": 0,
            "id": 2484
          },
          {
            "timestamp": "2026-04-27 21:06:04,775",
            "thread_id": "6700",
            "caller": "0x077f1974",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76640000"
              },
              {
                "name": "FunctionName",
                "value": "closesocket"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7664ea60"
              }
            ],
            "repeated": 0,
            "id": 2485
          },
          {
            "timestamp": "2026-04-27 21:06:04,775",
            "thread_id": "6700",
            "caller": "0x077f1998",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\mswsock"
              },
              {
                "name": "DllBase",
                "value": "0x747c0000"
              }
            ],
            "repeated": 0,
            "id": 2486
          },
          {
            "timestamp": "2026-04-27 21:06:04,791",
            "thread_id": "6700",
            "caller": "0x077f1998",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\mswsock.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x747c0000"
              }
            ],
            "repeated": 0,
            "id": 2487
          },
          {
            "timestamp": "2026-04-27 21:06:04,791",
            "thread_id": "6700",
            "caller": "0x077f1998",
            "parentcaller": "0x051edcea",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000534",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "2",
                "pretty_value": "SOCK_DGRAM"
              },
              {
                "name": "protocol",
                "value": "0"
              },
              {
                "name": "socket",
                "value": "1332"
              }
            ],
            "repeated": 0,
            "id": 2488
          },
          {
            "timestamp": "2026-04-27 21:06:04,791",
            "thread_id": "6700",
            "caller": "0x077f1a6e",
            "parentcaller": "0x051edcea",
            "category": "network",
            "api": "setsockopt",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1332"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2489
          },
          {
            "timestamp": "2026-04-27 21:06:04,791",
            "thread_id": "6700",
            "caller": "0x0290a7be",
            "parentcaller": "0x051edcea",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1332"
              }
            ],
            "repeated": 0,
            "id": 2490
          },
          {
            "timestamp": "2026-04-27 21:06:04,791",
            "thread_id": "6700",
            "caller": "0x077f1998",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\mswsock.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x747c0000"
              }
            ],
            "repeated": 0,
            "id": 2491
          },
          {
            "timestamp": "2026-04-27 21:06:04,791",
            "thread_id": "6700",
            "caller": "0x077f1998",
            "parentcaller": "0x051edcea",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000534",
            "arguments": [
              {
                "name": "af",
                "value": "23",
                "pretty_value": "AF_INET6"
              },
              {
                "name": "type",
                "value": "2",
                "pretty_value": "SOCK_DGRAM"
              },
              {
                "name": "protocol",
                "value": "0"
              },
              {
                "name": "socket",
                "value": "1332"
              }
            ],
            "repeated": 0,
            "id": 2492
          },
          {
            "timestamp": "2026-04-27 21:06:04,791",
            "thread_id": "6700",
            "caller": "0x077f1a6e",
            "parentcaller": "0x051edcea",
            "category": "network",
            "api": "setsockopt",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1332"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2493
          },
          {
            "timestamp": "2026-04-27 21:06:04,791",
            "thread_id": "6700",
            "caller": "0x0290a7be",
            "parentcaller": "0x051edcea",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1332"
              }
            ],
            "repeated": 0,
            "id": 2494
          },
          {
            "timestamp": "2026-04-27 21:06:04,791",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "NI\\159a66b8\\424bd4d8"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\159a66b8\\424bd4d8"
              }
            ],
            "repeated": 0,
            "id": 2495
          },
          {
            "timestamp": "2026-04-27 21:06:04,791",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 2496
          },
          {
            "timestamp": "2026-04-27 21:06:04,791",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000534"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2497
          },
          {
            "timestamp": "2026-04-27 21:06:04,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2498
          },
          {
            "timestamp": "2026-04-27 21:06:04,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2499
          },
          {
            "timestamp": "2026-04-27 21:06:04,869",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2500
          },
          {
            "timestamp": "2026-04-27 21:06:04,885",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000530"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000534"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.configuration.dll"
              }
            ],
            "repeated": 0,
            "id": 2501
          },
          {
            "timestamp": "2026-04-27 21:06:04,885",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000530"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08620000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007ddf2c"
              },
              {
                "name": "ViewSize",
                "value": "0x0006c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2502
          },
          {
            "timestamp": "2026-04-27 21:06:04,885",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000530"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08690000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007ddf2c"
              },
              {
                "name": "ViewSize",
                "value": "0x0006c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2503
          },
          {
            "timestamp": "2026-04-27 21:06:04,885",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08620000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2504
          },
          {
            "timestamp": "2026-04-27 21:06:04,916",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.INI"
              }
            ],
            "repeated": 0,
            "id": 2505
          },
          {
            "timestamp": "2026-04-27 21:06:04,932",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2506
          },
          {
            "timestamp": "2026-04-27 21:06:04,932",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2507
          },
          {
            "timestamp": "2026-04-27 21:06:04,932",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2508
          },
          {
            "timestamp": "2026-04-27 21:06:04,994",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0780a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2509
          },
          {
            "timestamp": "2026-04-27 21:06:04,994",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0812c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2510
          },
          {
            "timestamp": "2026-04-27 21:06:04,994",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08620000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2511
          },
          {
            "timestamp": "2026-04-27 21:06:04,994",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08620000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2512
          },
          {
            "timestamp": "2026-04-27 21:06:04,994",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2513
          },
          {
            "timestamp": "2026-04-27 21:06:05,010",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000534"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.configuration.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2514
          },
          {
            "timestamp": "2026-04-27 21:06:05,010",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000540"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.configuration.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2515
          },
          {
            "timestamp": "2026-04-27 21:06:05,010",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000002"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x08700000"
              }
            ],
            "repeated": 0,
            "id": 2516
          },
          {
            "timestamp": "2026-04-27 21:06:05,010",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x08700000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000009"
              }
            ],
            "repeated": 0,
            "id": 2517
          },
          {
            "timestamp": "2026-04-27 21:06:05,010",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 2518
          },
          {
            "timestamp": "2026-04-27 21:06:05,010",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2519
          },
          {
            "timestamp": "2026-04-27 21:06:05,010",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2520
          },
          {
            "timestamp": "2026-04-27 21:06:05,010",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2521
          },
          {
            "timestamp": "2026-04-27 21:06:05,072",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "filesystem",
            "api": "GetFileVersionInfoSizeW",
            "status": true,
            "return": "0x000007ec",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.dll"
              }
            ],
            "repeated": 0,
            "id": 2522
          },
          {
            "timestamp": "2026-04-27 21:06:05,072",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "filesystem",
            "api": "GetFileVersionInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.dll"
              }
            ],
            "repeated": 0,
            "id": 2523
          },
          {
            "timestamp": "2026-04-27 21:06:05,072",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051ee452",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08622000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2524
          },
          {
            "timestamp": "2026-04-27 21:06:05,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2525
          },
          {
            "timestamp": "2026-04-27 21:06:05,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2526
          },
          {
            "timestamp": "2026-04-27 21:06:05,088",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "47"
              }
            ],
            "repeated": 0,
            "id": 2527
          },
          {
            "timestamp": "2026-04-27 21:06:05,103",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2528
          },
          {
            "timestamp": "2026-04-27 21:06:05,103",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2529
          },
          {
            "timestamp": "2026-04-27 21:06:05,150",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 2530
          },
          {
            "timestamp": "2026-04-27 21:06:05,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2531
          },
          {
            "timestamp": "2026-04-27 21:06:05,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2532
          },
          {
            "timestamp": "2026-04-27 21:06:05,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2533
          },
          {
            "timestamp": "2026-04-27 21:06:05,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2534
          },
          {
            "timestamp": "2026-04-27 21:06:05,182",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051ee48a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0780b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2535
          },
          {
            "timestamp": "2026-04-27 21:06:05,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051ee50c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0780c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2536
          },
          {
            "timestamp": "2026-04-27 21:06:05,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2537
          },
          {
            "timestamp": "2026-04-27 21:06:05,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2538
          },
          {
            "timestamp": "2026-04-27 21:06:05,213",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2539
          },
          {
            "timestamp": "2026-04-27 21:06:05,228",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051ee71d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0780d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2540
          },
          {
            "timestamp": "2026-04-27 21:06:05,260",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051ee71d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0292f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2541
          },
          {
            "timestamp": "2026-04-27 21:06:05,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2542
          },
          {
            "timestamp": "2026-04-27 21:06:05,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2543
          },
          {
            "timestamp": "2026-04-27 21:06:05,275",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2544
          },
          {
            "timestamp": "2026-04-27 21:06:05,322",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2545
          },
          {
            "timestamp": "2026-04-27 21:06:05,322",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2546
          },
          {
            "timestamp": "2026-04-27 21:06:05,322",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051ee9b2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2547
          },
          {
            "timestamp": "2026-04-27 21:06:05,322",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051ee9b2",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2548
          },
          {
            "timestamp": "2026-04-27 21:06:05,322",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eea65",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0780e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2549
          },
          {
            "timestamp": "2026-04-27 21:06:05,322",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eea65",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08623000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2550
          },
          {
            "timestamp": "2026-04-27 21:06:05,322",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eea65",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2551
          },
          {
            "timestamp": "2026-04-27 21:06:05,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2552
          },
          {
            "timestamp": "2026-04-27 21:06:05,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2553
          },
          {
            "timestamp": "2026-04-27 21:06:05,338",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2554
          },
          {
            "timestamp": "2026-04-27 21:06:05,385",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eea65",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0780f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2555
          },
          {
            "timestamp": "2026-04-27 21:06:05,385",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eea65",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08640000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2556
          },
          {
            "timestamp": "2026-04-27 21:06:05,385",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eea65",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08650000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2557
          },
          {
            "timestamp": "2026-04-27 21:06:05,385",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2558
          },
          {
            "timestamp": "2026-04-27 21:06:05,385",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2559
          },
          {
            "timestamp": "2026-04-27 21:06:05,385",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2560
          },
          {
            "timestamp": "2026-04-27 21:06:05,385",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2561
          },
          {
            "timestamp": "2026-04-27 21:06:05,385",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eea65",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2562
          },
          {
            "timestamp": "2026-04-27 21:06:05,400",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eea65",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2563
          },
          {
            "timestamp": "2026-04-27 21:06:05,400",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eea65",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08680000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2564
          },
          {
            "timestamp": "2026-04-27 21:06:05,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2565
          },
          {
            "timestamp": "2026-04-27 21:06:05,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2566
          },
          {
            "timestamp": "2026-04-27 21:06:05,432",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2567
          },
          {
            "timestamp": "2026-04-27 21:06:05,447",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eea65",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x051ef000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2568
          },
          {
            "timestamp": "2026-04-27 21:06:05,447",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eea65",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08680000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2569
          },
          {
            "timestamp": "2026-04-27 21:06:05,447",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eea65",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2570
          },
          {
            "timestamp": "2026-04-27 21:06:05,447",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eea65",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2571
          },
          {
            "timestamp": "2026-04-27 21:06:05,447",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eea65",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08650000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2572
          },
          {
            "timestamp": "2026-04-27 21:06:05,447",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eea65",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08640000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2573
          },
          {
            "timestamp": "2026-04-27 21:06:05,447",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051eea65",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2574
          },
          {
            "timestamp": "2026-04-27 21:06:05,447",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051ee72c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2575
          },
          {
            "timestamp": "2026-04-27 21:06:05,447",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051ee72c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08640000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2576
          },
          {
            "timestamp": "2026-04-27 21:06:05,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2577
          },
          {
            "timestamp": "2026-04-27 21:06:05,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2578
          },
          {
            "timestamp": "2026-04-27 21:06:05,494",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2579
          },
          {
            "timestamp": "2026-04-27 21:06:05,494",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051ee72c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08640000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2580
          },
          {
            "timestamp": "2026-04-27 21:06:05,494",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051ee72c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08624000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2581
          },
          {
            "timestamp": "2026-04-27 21:06:05,494",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051ee72c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2582
          },
          {
            "timestamp": "2026-04-27 21:06:05,494",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2583
          },
          {
            "timestamp": "2026-04-27 21:06:05,494",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2584
          },
          {
            "timestamp": "2026-04-27 21:06:05,494",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08640627",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2585
          },
          {
            "timestamp": "2026-04-27 21:06:05,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08640627",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2586
          },
          {
            "timestamp": "2026-04-27 21:06:05,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2587
          },
          {
            "timestamp": "2026-04-27 21:06:05,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2588
          },
          {
            "timestamp": "2026-04-27 21:06:05,510",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08640c34",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2589
          },
          {
            "timestamp": "2026-04-27 21:06:05,541",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08640c34",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08641000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2590
          },
          {
            "timestamp": "2026-04-27 21:06:05,541",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08640c34",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08625000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2591
          },
          {
            "timestamp": "2026-04-27 21:06:05,541",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08640c34",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2592
          },
          {
            "timestamp": "2026-04-27 21:06:05,557",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "NI\\6faf58\\19ab8d57"
              },
              {
                "name": "Handle",
                "value": "0x00000554"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57"
              }
            ],
            "repeated": 0,
            "id": 2593
          },
          {
            "timestamp": "2026-04-27 21:06:05,557",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "7"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7"
              }
            ],
            "repeated": 0,
            "id": 2594
          },
          {
            "timestamp": "2026-04-27 21:06:05,557",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\"
              }
            ],
            "repeated": 0,
            "id": 2595
          },
          {
            "timestamp": "2026-04-27 21:06:05,557",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              }
            ],
            "repeated": 0,
            "id": 2596
          },
          {
            "timestamp": "2026-04-27 21:06:05,557",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "NI\\6faf58\\19ab8d57\\7"
              },
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7"
              }
            ],
            "repeated": 0,
            "id": 2597
          },
          {
            "timestamp": "2026-04-27 21:06:05,557",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Xml,2.0.0.0,,b77a5c561934e089"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 2598
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "ConfigMask"
              },
              {
                "name": "Data",
                "value": "4361"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\ConfigMask"
              }
            ],
            "repeated": 0,
            "id": 2599
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "ConfigString"
              },
              {
                "name": "Data",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\ConfigString"
              }
            ],
            "repeated": 0,
            "id": 2600
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "MVID"
              },
              {
                "name": "Data",
                "value": "\\xba\\xe2N\\x9b\\xcb\\xc0\\x1b\\xb2\\xa0\\xedO\\xa7Q4pA"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\MVID"
              }
            ],
            "repeated": 0,
            "id": 2601
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              }
            ],
            "repeated": 0,
            "id": 2602
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "NI\\6faf58\\19ab8d57\\7"
              },
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7"
              }
            ],
            "repeated": 0,
            "id": 2603
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "EvalationData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\EvalationData"
              }
            ],
            "repeated": 0,
            "id": 2604
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\Status"
              }
            ],
            "repeated": 0,
            "id": 2605
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "ILDependencies"
              },
              {
                "name": "Data",
                "value": "\\xd8\\xd4KB\\xd5\\x04\\xc5\\x0c\\x06\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xee\\x8fcu';Y\\x11\\x05\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00W\\x8d\\xab\\x19t&\\xa3.\\x07\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\ILDependencies"
              }
            ],
            "repeated": 0,
            "id": 2606
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "NIDependencies"
              },
              {
                "name": "Data",
                "value": "\\xc68\\x19\\x18\\xc5\\xe2Py\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00O|\\xbc0O\\xfeP?\\x08\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\NIDependencies"
              }
            ],
            "repeated": 0,
            "id": 2607
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "MissingDependencies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\MissingDependencies"
              }
            ],
            "repeated": 0,
            "id": 2608
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              }
            ],
            "repeated": 0,
            "id": 2609
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000368"
              },
              {
                "name": "SubKey",
                "value": "IL\\75638fee\\11593b27\\5"
              },
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5"
              }
            ],
            "repeated": 0,
            "id": 2610
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "DisplayName"
              },
              {
                "name": "Data",
                "value": "System.Data.SqlXml,2.0.0.0,,b77a5c561934e089"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5\\DisplayName"
              }
            ],
            "repeated": 0,
            "id": 2611
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "Status"
              },
              {
                "name": "Data",
                "value": "4098"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5\\Status"
              }
            ],
            "repeated": 0,
            "id": 2612
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "Modules"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5\\Modules"
              }
            ],
            "repeated": 0,
            "id": 2613
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "SIG"
              },
              {
                "name": "Data",
                "value": "9S\\x1e/K\\x98DN\\xa1\\xa3^\\xba\\xd8\\xae\\xa3M\\x85\\x11\\x9b\\x17\\x815z^\\x15:\\xb8\\xb7\\x13\\x01\\xd4)\\xebl\\xb1\\x90"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5\\SIG"
              }
            ],
            "repeated": 0,
            "id": 2614
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              },
              {
                "name": "ValueName",
                "value": "LastModTime"
              },
              {
                "name": "Data",
                "value": "\\x00\\xe8\\xdd\\xc5;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5\\LastModTime"
              }
            ],
            "repeated": 0,
            "id": 2615
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              }
            ],
            "repeated": 0,
            "id": 2616
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003b4"
              },
              {
                "name": "SubKey",
                "value": "policy.2.0.System.Data.SqlXml__b77a5c561934e089"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Data.SqlXml__b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 2617
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "ValueName",
                "value": "System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL"
              },
              {
                "name": "Data",
                "value": "\\x00\\xe8\\xdd\\xc5;\\xac\\xd5\\x01"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL"
              }
            ],
            "repeated": 0,
            "id": 2618
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 2619
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2620
          },
          {
            "timestamp": "2026-04-27 21:06:05,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2621
          },
          {
            "timestamp": "2026-04-27 21:06:05,619",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2622
          },
          {
            "timestamp": "2026-04-27 21:06:05,619",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2623
          },
          {
            "timestamp": "2026-04-27 21:06:05,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2624
          },
          {
            "timestamp": "2026-04-27 21:06:05,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2625
          },
          {
            "timestamp": "2026-04-27 21:06:05,650",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2626
          },
          {
            "timestamp": "2026-04-27 21:06:05,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2627
          },
          {
            "timestamp": "2026-04-27 21:06:05,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2628
          },
          {
            "timestamp": "2026-04-27 21:06:05,713",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2629
          },
          {
            "timestamp": "2026-04-27 21:06:05,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2630
          },
          {
            "timestamp": "2026-04-27 21:06:05,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2631
          },
          {
            "timestamp": "2026-04-27 21:06:05,775",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2632
          },
          {
            "timestamp": "2026-04-27 21:06:05,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2633
          },
          {
            "timestamp": "2026-04-27 21:06:05,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2634
          },
          {
            "timestamp": "2026-04-27 21:06:05,853",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2635
          },
          {
            "timestamp": "2026-04-27 21:06:05,869",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\bae24e9bcbc01bb2a0ed4fa751347041\\System.Xml.ni"
              },
              {
                "name": "DllBase",
                "value": "0x70900000"
              }
            ],
            "repeated": 0,
            "id": 2636
          },
          {
            "timestamp": "2026-04-27 21:06:05,900",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\bae24e9bcbc01bb2a0ed4fa751347041\\System.Xml.ni.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x70900000"
              }
            ],
            "repeated": 0,
            "id": 2637
          },
          {
            "timestamp": "2026-04-27 21:06:05,900",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x70900000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\bae24e9bcbc01bb2a0ed4fa751347041\\System.Xml.ni.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 2638
          },
          {
            "timestamp": "2026-04-27 21:06:05,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2639
          },
          {
            "timestamp": "2026-04-27 21:06:05,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2640
          },
          {
            "timestamp": "2026-04-27 21:06:05,916",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2641
          },
          {
            "timestamp": "2026-04-27 21:06:05,947",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 3,
            "id": 2642
          },
          {
            "timestamp": "2026-04-27 21:06:05,947",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "MSCORWKS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x737e0000"
              }
            ],
            "repeated": 0,
            "id": 2643
          },
          {
            "timestamp": "2026-04-27 21:06:05,947",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscorjit.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x716c0000"
              }
            ],
            "repeated": 0,
            "id": 2644
          },
          {
            "timestamp": "2026-04-27 21:06:05,947",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.INI"
              }
            ],
            "repeated": 0,
            "id": 2645
          },
          {
            "timestamp": "2026-04-27 21:06:05,978",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2646
          },
          {
            "timestamp": "2026-04-27 21:06:05,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2647
          },
          {
            "timestamp": "2026-04-27 21:06:05,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2648
          },
          {
            "timestamp": "2026-04-27 21:06:05,978",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2649
          },
          {
            "timestamp": "2026-04-27 21:06:06,010",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2650
          },
          {
            "timestamp": "2026-04-27 21:06:06,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2651
          },
          {
            "timestamp": "2026-04-27 21:06:06,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2652
          },
          {
            "timestamp": "2026-04-27 21:06:06,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2653
          },
          {
            "timestamp": "2026-04-27 21:06:06,072",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08650000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2654
          },
          {
            "timestamp": "2026-04-27 21:06:06,088",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2655
          },
          {
            "timestamp": "2026-04-27 21:06:06,088",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2656
          },
          {
            "timestamp": "2026-04-27 21:06:06,103",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2657
          },
          {
            "timestamp": "2026-04-27 21:06:06,103",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2658
          },
          {
            "timestamp": "2026-04-27 21:06:06,103",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08680000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2659
          },
          {
            "timestamp": "2026-04-27 21:06:06,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2660
          },
          {
            "timestamp": "2026-04-27 21:06:06,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2661
          },
          {
            "timestamp": "2026-04-27 21:06:06,103",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "47"
              }
            ],
            "repeated": 0,
            "id": 2662
          },
          {
            "timestamp": "2026-04-27 21:06:06,119",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08642000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2663
          },
          {
            "timestamp": "2026-04-27 21:06:06,119",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08680000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2664
          },
          {
            "timestamp": "2026-04-27 21:06:06,119",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2665
          },
          {
            "timestamp": "2026-04-27 21:06:06,119",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2666
          },
          {
            "timestamp": "2026-04-27 21:06:06,119",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051efa95",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08650000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2667
          },
          {
            "timestamp": "2026-04-27 21:06:06,150",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2668
          },
          {
            "timestamp": "2026-04-27 21:06:06,150",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2669
          },
          {
            "timestamp": "2026-04-27 21:06:06,166",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 2670
          },
          {
            "timestamp": "2026-04-27 21:06:06,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2671
          },
          {
            "timestamp": "2026-04-27 21:06:06,166",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2672
          },
          {
            "timestamp": "2026-04-27 21:06:06,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2673
          },
          {
            "timestamp": "2026-04-27 21:06:06,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2674
          },
          {
            "timestamp": "2026-04-27 21:06:06,228",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2675
          },
          {
            "timestamp": "2026-04-27 21:06:06,228",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2676
          },
          {
            "timestamp": "2026-04-27 21:06:06,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2677
          },
          {
            "timestamp": "2026-04-27 21:06:06,307",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2678
          },
          {
            "timestamp": "2026-04-27 21:06:06,307",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2679
          },
          {
            "timestamp": "2026-04-27 21:06:06,307",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2680
          },
          {
            "timestamp": "2026-04-27 21:06:06,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2681
          },
          {
            "timestamp": "2026-04-27 21:06:06,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2682
          },
          {
            "timestamp": "2026-04-27 21:06:06,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2683
          },
          {
            "timestamp": "2026-04-27 21:06:06,432",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2684
          },
          {
            "timestamp": "2026-04-27 21:06:06,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2685
          },
          {
            "timestamp": "2026-04-27 21:06:06,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2686
          },
          {
            "timestamp": "2026-04-27 21:06:06,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2687
          },
          {
            "timestamp": "2026-04-27 21:06:06,463",
            "thread_id": "6700",
            "caller": "0x08642376",
            "parentcaller": "0x0864233c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08626000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2688
          },
          {
            "timestamp": "2026-04-27 21:06:06,463",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x0864237d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad2e80"
              }
            ],
            "repeated": 0,
            "id": 2689
          },
          {
            "timestamp": "2026-04-27 21:06:06,463",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x0864237d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcessW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2690
          },
          {
            "timestamp": "2026-04-27 21:06:06,463",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x0864237d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ebea30"
              }
            ],
            "repeated": 0,
            "id": 2691
          },
          {
            "timestamp": "2026-04-27 21:06:06,463",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x0864237d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessTokenW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2692
          },
          {
            "timestamp": "2026-04-27 21:06:06,463",
            "thread_id": "6700",
            "caller": "0x077f1cae",
            "parentcaller": "0x0864237d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000550"
              }
            ],
            "repeated": 0,
            "id": 2693
          },
          {
            "timestamp": "2026-04-27 21:06:06,463",
            "thread_id": "6700",
            "caller": "0x086423e4",
            "parentcaller": "0x08640562",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework\\Policy\\AppPatch"
              },
              {
                "name": "Handle",
                "value": "0x0000054c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\AppPatch"
              }
            ],
            "repeated": 0,
            "id": 2694
          },
          {
            "timestamp": "2026-04-27 21:06:06,463",
            "thread_id": "6700",
            "caller": "0x086423e4",
            "parentcaller": "0x08640562",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319"
              }
            ],
            "repeated": 0,
            "id": 2695
          },
          {
            "timestamp": "2026-04-27 21:06:06,463",
            "thread_id": "6700",
            "caller": "0x086423e4",
            "parentcaller": "0x08640562",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000054c"
              },
              {
                "name": "SubKey",
                "value": "v4.0.30319.00000"
              },
              {
                "name": "Handle",
                "value": "0x00000548"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\AppPatch\\v4.0.30319.00000"
              }
            ],
            "repeated": 0,
            "id": 2696
          },
          {
            "timestamp": "2026-04-27 21:06:06,463",
            "thread_id": "6700",
            "caller": "0x086423e4",
            "parentcaller": "0x08640562",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054c"
              }
            ],
            "repeated": 0,
            "id": 2697
          },
          {
            "timestamp": "2026-04-27 21:06:06,463",
            "thread_id": "6700",
            "caller": "0x086423e4",
            "parentcaller": "0x08640562",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000548"
              },
              {
                "name": "SubKey",
                "value": "mscorwks.dll"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\AppPatch\\v4.0.30319.00000\\mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 2698
          },
          {
            "timestamp": "2026-04-27 21:06:06,463",
            "thread_id": "6700",
            "caller": "0x086423e4",
            "parentcaller": "0x08640562",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 2699
          },
          {
            "timestamp": "2026-04-27 21:06:06,463",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x0864190c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08650000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2700
          },
          {
            "timestamp": "2026-04-27 21:06:06,463",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x0864190c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08650000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2701
          },
          {
            "timestamp": "2026-04-27 21:06:06,463",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x0864287d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileAttributesEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2702
          },
          {
            "timestamp": "2026-04-27 21:06:06,463",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x0864287d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileAttributesExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad3330"
              }
            ],
            "repeated": 0,
            "id": 2703
          },
          {
            "timestamp": "2026-04-27 21:06:06,463",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x0864287d",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
              }
            ],
            "repeated": 0,
            "id": 2704
          },
          {
            "timestamp": "2026-04-27 21:06:06,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2705
          },
          {
            "timestamp": "2026-04-27 21:06:06,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2706
          },
          {
            "timestamp": "2026-04-27 21:06:06,510",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2707
          },
          {
            "timestamp": "2026-04-27 21:06:06,525",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x08642b9d",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
              }
            ],
            "repeated": 0,
            "id": 2708
          },
          {
            "timestamp": "2026-04-27 21:06:06,525",
            "thread_id": "6700",
            "caller": "0x077f089b",
            "parentcaller": "0x08642b42",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2709
          },
          {
            "timestamp": "2026-04-27 21:06:06,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2710
          },
          {
            "timestamp": "2026-04-27 21:06:06,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2711
          },
          {
            "timestamp": "2026-04-27 21:06:06,588",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2712
          },
          {
            "timestamp": "2026-04-27 21:06:06,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2713
          },
          {
            "timestamp": "2026-04-27 21:06:06,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2714
          },
          {
            "timestamp": "2026-04-27 21:06:06,650",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2715
          },
          {
            "timestamp": "2026-04-27 21:06:06,666",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2716
          },
          {
            "timestamp": "2026-04-27 21:06:06,666",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2717
          },
          {
            "timestamp": "2026-04-27 21:06:06,697",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2718
          },
          {
            "timestamp": "2026-04-27 21:06:06,697",
            "thread_id": "6700",
            "caller": "0x02902420",
            "parentcaller": "0x02902420",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000558"
              }
            ],
            "repeated": 0,
            "id": 2719
          },
          {
            "timestamp": "2026-04-27 21:06:06,697",
            "thread_id": "6700",
            "caller": "0x02902420",
            "parentcaller": "0x02902420",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2720
          },
          {
            "timestamp": "2026-04-27 21:06:06,697",
            "thread_id": "6700",
            "caller": "0x02902420",
            "parentcaller": "0x02902420",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "`\\x1a\\xad\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2721
          },
          {
            "timestamp": "2026-04-27 21:06:06,697",
            "thread_id": "6700",
            "caller": "0x02902420",
            "parentcaller": "0x02902420",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              },
              {
                "name": "Handle",
                "value": "0x0000055c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000"
              }
            ],
            "repeated": 0,
            "id": 2722
          },
          {
            "timestamp": "2026-04-27 21:06:06,697",
            "thread_id": "6700",
            "caller": "0x02902420",
            "parentcaller": "0x02902420",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000055c"
              }
            ],
            "repeated": 0,
            "id": 2723
          },
          {
            "timestamp": "2026-04-27 21:06:06,697",
            "thread_id": "6700",
            "caller": "0x02902420",
            "parentcaller": "0x02902420",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000558"
              }
            ],
            "repeated": 0,
            "id": 2724
          },
          {
            "timestamp": "2026-04-27 21:06:06,697",
            "thread_id": "6700",
            "caller": "0x02902420",
            "parentcaller": "0x02902420",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 2725
          },
          {
            "timestamp": "2026-04-27 21:06:06,697",
            "thread_id": "6700",
            "caller": "0x02902420",
            "parentcaller": "0x02902420",
            "category": "filesystem",
            "api": "SHGetFolderPathW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Folder",
                "value": "0x0000801a",
                "pretty_value": "CSIDL_FLAG_CREATE|CSIDL_APPDATA"
              },
              {
                "name": "Path",
                "value": "C:\\Users\\cape\\AppData\\Roaming"
              }
            ],
            "repeated": 0,
            "id": 2726
          },
          {
            "timestamp": "2026-04-27 21:06:06,697",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x02902420",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
              }
            ],
            "repeated": 0,
            "id": 2727
          },
          {
            "timestamp": "2026-04-27 21:06:06,697",
            "thread_id": "6700",
            "caller": "0x02902420",
            "parentcaller": "0x08641a02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08650000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2728
          },
          {
            "timestamp": "2026-04-27 21:06:06,697",
            "thread_id": "6700",
            "caller": "0x02902420",
            "parentcaller": "0x08641a02",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000548"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2729
          },
          {
            "timestamp": "2026-04-27 21:06:06,713",
            "thread_id": "6700",
            "caller": "0x02902420",
            "parentcaller": "0x08641a02",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000548"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-8\"?><!--\r\n    Please refer to machine.config.comments for a description and\r\n    the default values of each configuration section.\r\n\r\n    For a full documentation of the schema please refer to\r\n    http://go.microsoft.com/"
              },
              {
                "name": "Length",
                "value": "4095"
              }
            ],
            "repeated": 0,
            "id": 2730
          },
          {
            "timestamp": "2026-04-27 21:06:06,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2731
          },
          {
            "timestamp": "2026-04-27 21:06:06,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2732
          },
          {
            "timestamp": "2026-04-27 21:06:06,713",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2733
          },
          {
            "timestamp": "2026-04-27 21:06:06,728",
            "thread_id": "6700",
            "caller": "0x02902420",
            "parentcaller": "0x08641a02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02911000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2734
          },
          {
            "timestamp": "2026-04-27 21:06:06,728",
            "thread_id": "6700",
            "caller": "0x077f1d81",
            "parentcaller": "0x02902420",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05652000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2735
          },
          {
            "timestamp": "2026-04-27 21:06:06,728",
            "thread_id": "6700",
            "caller": "0x02902420",
            "parentcaller": "0x08641a02",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000548"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "7a5c561934e089\">\r\n            <section name=\"schemaImporterExtensions\" type=\"System.Xml.Serialization.Configuration.SchemaImporterExtensionsSection, System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n            <section name"
              },
              {
                "name": "Length",
                "value": "18712"
              }
            ],
            "repeated": 0,
            "id": 2736
          },
          {
            "timestamp": "2026-04-27 21:06:06,728",
            "thread_id": "6700",
            "caller": "0x077f1d81",
            "parentcaller": "0x02902420",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05662000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2737
          },
          {
            "timestamp": "2026-04-27 21:06:06,728",
            "thread_id": "6700",
            "caller": "0x02902420",
            "parentcaller": "0x08641a02",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": false,
            "return": "0xffffffffc0000011",
            "pretty_return": "END_OF_FILE",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000548"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "PublicKeyToken=b03f5f7f11d50a3a\"/>\r\n                <add name=\"AspNetWindowsTokenRoleProvider\" applicationName=\"/\" type=\"System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a\"/>\r\n       "
              },
              {
                "name": "Length",
                "value": "3228"
              }
            ],
            "repeated": 0,
            "id": 2738
          },
          {
            "timestamp": "2026-04-27 21:06:06,728",
            "thread_id": "6700",
            "caller": "0x02902420",
            "parentcaller": "0x08641a02",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 2739
          },
          {
            "timestamp": "2026-04-27 21:06:06,728",
            "thread_id": "6700",
            "caller": "0x02902420",
            "parentcaller": "0x08641a02",
            "category": "crypto",
            "api": "CryptGenRandom",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Buffer",
                "value": "\\xcb\\x00\\xd8/\\x8b\\xaa\\xe9\\xb9"
              }
            ],
            "repeated": 0,
            "id": 2740
          },
          {
            "timestamp": "2026-04-27 21:06:06,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2741
          },
          {
            "timestamp": "2026-04-27 21:06:06,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2742
          },
          {
            "timestamp": "2026-04-27 21:06:06,775",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2743
          },
          {
            "timestamp": "2026-04-27 21:06:06,791",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08641a02",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05672000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2744
          },
          {
            "timestamp": "2026-04-27 21:06:06,791",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08641a02",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileSize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad3360"
              }
            ],
            "repeated": 0,
            "id": 2745
          },
          {
            "timestamp": "2026-04-27 21:06:06,791",
            "thread_id": "6700",
            "caller": "0x077f1ed2",
            "parentcaller": "0x08641a02",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00p\\x00\\x00\\x00\\x00\\x00\\x00\\xb3e\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2746
          },
          {
            "timestamp": "2026-04-27 21:06:06,791",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08641a02",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "ReadFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad34c0"
              }
            ],
            "repeated": 0,
            "id": 2747
          },
          {
            "timestamp": "2026-04-27 21:06:06,791",
            "thread_id": "6700",
            "caller": "0x077f0a53",
            "parentcaller": "0x08641a02",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-8\"?><!--\r\n    Please refer to machine.config.comments for a description and\r\n    the default values of each configuration section.\r\n\r\n    For a full documentation of the schema please refer to\r\n    http://go.microsoft.com/"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 2748
          },
          {
            "timestamp": "2026-04-27 21:06:06,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2749
          },
          {
            "timestamp": "2026-04-27 21:06:06,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2750
          },
          {
            "timestamp": "2026-04-27 21:06:06,838",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2751
          },
          {
            "timestamp": "2026-04-27 21:06:06,900",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08641a39",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2752
          },
          {
            "timestamp": "2026-04-27 21:06:06,900",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08641a39",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2753
          },
          {
            "timestamp": "2026-04-27 21:06:06,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2754
          },
          {
            "timestamp": "2026-04-27 21:06:06,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2755
          },
          {
            "timestamp": "2026-04-27 21:06:06,900",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2756
          },
          {
            "timestamp": "2026-04-27 21:06:06,916",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08642e01",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08643000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2757
          },
          {
            "timestamp": "2026-04-27 21:06:06,947",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08642e45",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08631000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2758
          },
          {
            "timestamp": "2026-04-27 21:06:06,947",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08642e45",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2759
          },
          {
            "timestamp": "2026-04-27 21:06:06,947",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08642e45",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2760
          },
          {
            "timestamp": "2026-04-27 21:06:06,963",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08642e45",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08680000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2761
          },
          {
            "timestamp": "2026-04-27 21:06:06,963",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08642e45",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08770000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2762
          },
          {
            "timestamp": "2026-04-27 21:06:06,963",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08642e45",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08780000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2763
          },
          {
            "timestamp": "2026-04-27 21:06:06,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2764
          },
          {
            "timestamp": "2026-04-27 21:06:06,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2765
          },
          {
            "timestamp": "2026-04-27 21:06:06,978",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2766
          },
          {
            "timestamp": "2026-04-27 21:06:07,025",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08642e45",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08644000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2767
          },
          {
            "timestamp": "2026-04-27 21:06:07,025",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08642e45",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08627000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2768
          },
          {
            "timestamp": "2026-04-27 21:06:07,025",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08642e45",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08780000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2769
          },
          {
            "timestamp": "2026-04-27 21:06:07,025",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08642e45",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08770000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2770
          },
          {
            "timestamp": "2026-04-27 21:06:07,025",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08642e45",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08680000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2771
          },
          {
            "timestamp": "2026-04-27 21:06:07,025",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08642e45",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2772
          },
          {
            "timestamp": "2026-04-27 21:06:07,025",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08642e45",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2773
          },
          {
            "timestamp": "2026-04-27 21:06:07,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2774
          },
          {
            "timestamp": "2026-04-27 21:06:07,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2775
          },
          {
            "timestamp": "2026-04-27 21:06:07,057",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2776
          },
          {
            "timestamp": "2026-04-27 21:06:07,103",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 2777
          },
          {
            "timestamp": "2026-04-27 21:06:07,119",
            "thread_id": "6700",
            "caller": "0x077f0a53",
            "parentcaller": "0x08643004",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "a5c561934e089\">\r\n            <section name=\"schemaImporterExtensions\" type=\"System.Xml.Serialization.Configuration.SchemaImporterExtensionsSection, System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n            <section name="
              },
              {
                "name": "Length",
                "value": "16384"
              }
            ],
            "repeated": 0,
            "id": 2778
          },
          {
            "timestamp": "2026-04-27 21:06:07,119",
            "thread_id": "6700",
            "caller": "0x08644568",
            "parentcaller": "0x0864386a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05682000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2779
          },
          {
            "timestamp": "2026-04-27 21:06:07,119",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08644cb5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2780
          },
          {
            "timestamp": "2026-04-27 21:06:07,119",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08644cb5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2781
          },
          {
            "timestamp": "2026-04-27 21:06:07,119",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08644cb5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08680000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2782
          },
          {
            "timestamp": "2026-04-27 21:06:07,119",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08644cb5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08770000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2783
          },
          {
            "timestamp": "2026-04-27 21:06:07,135",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08644cb5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08780000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2784
          },
          {
            "timestamp": "2026-04-27 21:06:07,135",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08644cb5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08790000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2785
          },
          {
            "timestamp": "2026-04-27 21:06:07,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2786
          },
          {
            "timestamp": "2026-04-27 21:06:07,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2787
          },
          {
            "timestamp": "2026-04-27 21:06:07,135",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "31"
              }
            ],
            "repeated": 0,
            "id": 2788
          },
          {
            "timestamp": "2026-04-27 21:06:07,166",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08644cb5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08645000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2789
          },
          {
            "timestamp": "2026-04-27 21:06:07,166",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08644cb5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08790000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2790
          },
          {
            "timestamp": "2026-04-27 21:06:07,166",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08644cb5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08780000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2791
          },
          {
            "timestamp": "2026-04-27 21:06:07,166",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08644cb5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08770000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2792
          },
          {
            "timestamp": "2026-04-27 21:06:07,166",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08644cb5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08680000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2793
          },
          {
            "timestamp": "2026-04-27 21:06:07,166",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08644cb5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2794
          },
          {
            "timestamp": "2026-04-27 21:06:07,166",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08644cb5",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2795
          },
          {
            "timestamp": "2026-04-27 21:06:07,166",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x0864547d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08628000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2796
          },
          {
            "timestamp": "2026-04-27 21:06:07,182",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 2797
          },
          {
            "timestamp": "2026-04-27 21:06:07,182",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2798
          },
          {
            "timestamp": "2026-04-27 21:06:07,182",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 2799
          },
          {
            "timestamp": "2026-04-27 21:06:07,182",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x0864558f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08646000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2800
          },
          {
            "timestamp": "2026-04-27 21:06:07,182",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08646622",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2801
          },
          {
            "timestamp": "2026-04-27 21:06:07,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08646622",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2802
          },
          {
            "timestamp": "2026-04-27 21:06:07,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08646622",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2803
          },
          {
            "timestamp": "2026-04-27 21:06:07,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08646622",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2804
          },
          {
            "timestamp": "2026-04-27 21:06:07,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2805
          },
          {
            "timestamp": "2026-04-27 21:06:07,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2806
          },
          {
            "timestamp": "2026-04-27 21:06:07,197",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2807
          },
          {
            "timestamp": "2026-04-27 21:06:07,197",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2808
          },
          {
            "timestamp": "2026-04-27 21:06:07,197",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2809
          },
          {
            "timestamp": "2026-04-27 21:06:07,197",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08646ec6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08647000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2810
          },
          {
            "timestamp": "2026-04-27 21:06:07,213",
            "thread_id": "6700",
            "caller": "0x077f0a53",
            "parentcaller": "0x08647502",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": false,
            "return": "0xffffffffc0000011",
            "pretty_return": "END_OF_FILE",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000554"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "mework Data Provider for Odbc\" type=\"System.Data.Odbc.OdbcFactory, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n           <add name=\"OleDb Data Provider\" invariant=\"System.Data.OleDb\" description=\".Net Framework Data "
              },
              {
                "name": "Length",
                "value": "5555"
              }
            ],
            "repeated": 0,
            "id": 2811
          },
          {
            "timestamp": "2026-04-27 21:06:07,213",
            "thread_id": "6700",
            "caller": "0x077f0266",
            "parentcaller": "0x08647577",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              }
            ],
            "repeated": 0,
            "id": 2812
          },
          {
            "timestamp": "2026-04-27 21:06:07,213",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x0864779d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08629000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2813
          },
          {
            "timestamp": "2026-04-27 21:06:07,213",
            "thread_id": "6700",
            "caller": "0x077f1cae",
            "parentcaller": "0x0864237d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000554"
              }
            ],
            "repeated": 0,
            "id": 2814
          },
          {
            "timestamp": "2026-04-27 21:06:07,228",
            "thread_id": "6700",
            "caller": "0x077f1cae",
            "parentcaller": "0x0864237d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 2815
          },
          {
            "timestamp": "2026-04-27 21:06:07,228",
            "thread_id": "6700",
            "caller": "0x077f1cae",
            "parentcaller": "0x0864237d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000564"
              }
            ],
            "repeated": 0,
            "id": 2816
          },
          {
            "timestamp": "2026-04-27 21:06:07,228",
            "thread_id": "6700",
            "caller": "0x077f06dc",
            "parentcaller": "0x0864287d",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe.config"
              }
            ],
            "repeated": 1,
            "id": 2817
          },
          {
            "timestamp": "2026-04-27 21:06:07,228",
            "thread_id": "6700",
            "caller": "0x077f1cae",
            "parentcaller": "0x0864237d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 2818
          },
          {
            "timestamp": "2026-04-27 21:06:07,228",
            "thread_id": "6700",
            "caller": "0x077f1cae",
            "parentcaller": "0x0864237d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000056c"
              }
            ],
            "repeated": 0,
            "id": 2819
          },
          {
            "timestamp": "2026-04-27 21:06:07,228",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08647a7c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2820
          },
          {
            "timestamp": "2026-04-27 21:06:07,228",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08647a7c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2821
          },
          {
            "timestamp": "2026-04-27 21:06:07,260",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08647a7c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08648000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2822
          },
          {
            "timestamp": "2026-04-27 21:06:07,260",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08647a7c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2823
          },
          {
            "timestamp": "2026-04-27 21:06:07,260",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08647a7c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2824
          },
          {
            "timestamp": "2026-04-27 21:06:07,260",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08647c89",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2825
          },
          {
            "timestamp": "2026-04-27 21:06:07,260",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08647c89",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2826
          },
          {
            "timestamp": "2026-04-27 21:06:07,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2827
          },
          {
            "timestamp": "2026-04-27 21:06:07,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2828
          },
          {
            "timestamp": "2026-04-27 21:06:07,260",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2829
          },
          {
            "timestamp": "2026-04-27 21:06:07,275",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x086486e1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74160000"
              }
            ],
            "repeated": 0,
            "id": 2830
          },
          {
            "timestamp": "2026-04-27 21:06:07,275",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x086486e1",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x74160000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "mscoree.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2831
          },
          {
            "timestamp": "2026-04-27 21:06:07,275",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x086486e1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74160000"
              },
              {
                "name": "FunctionName",
                "value": "ND_RI2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74173a30"
              }
            ],
            "repeated": 0,
            "id": 2832
          },
          {
            "timestamp": "2026-04-27 21:06:07,275",
            "thread_id": "6700",
            "caller": "0x077f1f81",
            "parentcaller": "0x086486e1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "ND_RI2_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2833
          },
          {
            "timestamp": "2026-04-27 21:06:07,275",
            "thread_id": "6700",
            "caller": "0x077f1f81",
            "parentcaller": "0x086486e1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73e10000"
              },
              {
                "name": "FunctionName",
                "value": "ND_RI2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73e24610"
              }
            ],
            "repeated": 0,
            "id": 2834
          },
          {
            "timestamp": "2026-04-27 21:06:07,275",
            "thread_id": "6700",
            "caller": "0x077f1cae",
            "parentcaller": "0x0864237d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000574"
              }
            ],
            "repeated": 0,
            "id": 2835
          },
          {
            "timestamp": "2026-04-27 21:06:07,275",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x086487ef",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0862a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2836
          },
          {
            "timestamp": "2026-04-27 21:06:07,291",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x086487ef",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08632000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2837
          },
          {
            "timestamp": "2026-04-27 21:06:07,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2838
          },
          {
            "timestamp": "2026-04-27 21:06:07,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2839
          },
          {
            "timestamp": "2026-04-27 21:06:07,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2840
          },
          {
            "timestamp": "2026-04-27 21:06:07,338",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08648b7c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2841
          },
          {
            "timestamp": "2026-04-27 21:06:07,369",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08648b7c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2842
          },
          {
            "timestamp": "2026-04-27 21:06:07,369",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2843
          },
          {
            "timestamp": "2026-04-27 21:06:07,369",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08633000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2844
          },
          {
            "timestamp": "2026-04-27 21:06:07,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2845
          },
          {
            "timestamp": "2026-04-27 21:06:07,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2846
          },
          {
            "timestamp": "2026-04-27 21:06:07,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2847
          },
          {
            "timestamp": "2026-04-27 21:06:07,385",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08649000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2848
          },
          {
            "timestamp": "2026-04-27 21:06:07,385",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2849
          },
          {
            "timestamp": "2026-04-27 21:06:07,385",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08649051",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2850
          },
          {
            "timestamp": "2026-04-27 21:06:07,385",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08649051",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2851
          },
          {
            "timestamp": "2026-04-27 21:06:07,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2852
          },
          {
            "timestamp": "2026-04-27 21:06:07,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2853
          },
          {
            "timestamp": "2026-04-27 21:06:07,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2854
          },
          {
            "timestamp": "2026-04-27 21:06:07,494",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08648a92",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2855
          },
          {
            "timestamp": "2026-04-27 21:06:07,494",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08648a92",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08680000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2856
          },
          {
            "timestamp": "2026-04-27 21:06:07,494",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08648a92",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08680000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2857
          },
          {
            "timestamp": "2026-04-27 21:06:07,494",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08648a92",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2858
          },
          {
            "timestamp": "2026-04-27 21:06:07,494",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08649baa",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0862b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2859
          },
          {
            "timestamp": "2026-04-27 21:06:07,494",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08648abf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2860
          },
          {
            "timestamp": "2026-04-27 21:06:07,510",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2861
          },
          {
            "timestamp": "2026-04-27 21:06:07,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2862
          },
          {
            "timestamp": "2026-04-27 21:06:07,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2863
          },
          {
            "timestamp": "2026-04-27 21:06:07,557",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08648abf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0864a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2864
          },
          {
            "timestamp": "2026-04-27 21:06:07,557",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08648abf",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2865
          },
          {
            "timestamp": "2026-04-27 21:06:07,557",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08649db6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08634000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2866
          },
          {
            "timestamp": "2026-04-27 21:06:07,557",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08649db6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2867
          },
          {
            "timestamp": "2026-04-27 21:06:07,557",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x08649db6",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2868
          },
          {
            "timestamp": "2026-04-27 21:06:07,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x0864a4f3",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2869
          },
          {
            "timestamp": "2026-04-27 21:06:07,572",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x0864a4f3",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2870
          },
          {
            "timestamp": "2026-04-27 21:06:07,572",
            "thread_id": "6700",
            "caller": "0x077f1cae",
            "parentcaller": "0x0864237d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 2871
          },
          {
            "timestamp": "2026-04-27 21:06:07,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2872
          },
          {
            "timestamp": "2026-04-27 21:06:07,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2873
          },
          {
            "timestamp": "2026-04-27 21:06:07,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2874
          },
          {
            "timestamp": "2026-04-27 21:06:07,619",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0862c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2875
          },
          {
            "timestamp": "2026-04-27 21:06:07,635",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x0864afee",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0864b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2876
          },
          {
            "timestamp": "2026-04-27 21:06:07,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2877
          },
          {
            "timestamp": "2026-04-27 21:06:07,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2878
          },
          {
            "timestamp": "2026-04-27 21:06:07,635",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2879
          },
          {
            "timestamp": "2026-04-27 21:06:07,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2880
          },
          {
            "timestamp": "2026-04-27 21:06:07,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2881
          },
          {
            "timestamp": "2026-04-27 21:06:07,713",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x0864b873",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2882
          },
          {
            "timestamp": "2026-04-27 21:06:07,713",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x0864b873",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 2883
          },
          {
            "timestamp": "2026-04-27 21:06:07,713",
            "thread_id": "6700",
            "caller": "0x051edcea",
            "parentcaller": "0x051e0860",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05692000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2884
          },
          {
            "timestamp": "2026-04-27 21:06:07,713",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcessId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad2e90"
              }
            ],
            "repeated": 0,
            "id": 2885
          },
          {
            "timestamp": "2026-04-27 21:06:07,713",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcessIdW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2886
          },
          {
            "timestamp": "2026-04-27 21:06:07,713",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2887
          },
          {
            "timestamp": "2026-04-27 21:06:07,713",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 2888
          },
          {
            "timestamp": "2026-04-27 21:06:07,713",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2889
          },
          {
            "timestamp": "2026-04-27 21:06:07,713",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetComputerName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2890
          },
          {
            "timestamp": "2026-04-27 21:06:07,713",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetComputerNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad13a0"
              }
            ],
            "repeated": 0,
            "id": 2891
          },
          {
            "timestamp": "2026-04-27 21:06:07,713",
            "thread_id": "6700",
            "caller": "0x0290afec",
            "parentcaller": "0x051edcea",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 2892
          },
          {
            "timestamp": "2026-04-27 21:06:07,713",
            "thread_id": "6700",
            "caller": "0x0290aab3",
            "parentcaller": "0x051edcea",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance"
              },
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance"
              }
            ],
            "repeated": 0,
            "id": 2893
          },
          {
            "timestamp": "2026-04-27 21:06:07,713",
            "thread_id": "6700",
            "caller": "0x0290abb6",
            "parentcaller": "0x051edcea",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "Library"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Library"
              }
            ],
            "repeated": 0,
            "id": 2894
          },
          {
            "timestamp": "2026-04-27 21:06:07,713",
            "thread_id": "6700",
            "caller": "0x077f18e0",
            "parentcaller": "0x051edcea",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "Library"
              },
              {
                "name": "Data",
                "value": "%systemroot%\\system32\\netfxperf.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Library"
              }
            ],
            "repeated": 0,
            "id": 2895
          },
          {
            "timestamp": "2026-04-27 21:06:07,713",
            "thread_id": "6700",
            "caller": "0x0290abb6",
            "parentcaller": "0x051edcea",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "IsMultiInstance"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\IsMultiInstance"
              }
            ],
            "repeated": 0,
            "id": 2896
          },
          {
            "timestamp": "2026-04-27 21:06:07,713",
            "thread_id": "6700",
            "caller": "0x077f055e",
            "parentcaller": "0x051edcea",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "IsMultiInstance"
              },
              {
                "name": "Data",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\IsMultiInstance"
              }
            ],
            "repeated": 0,
            "id": 2897
          },
          {
            "timestamp": "2026-04-27 21:06:07,713",
            "thread_id": "6700",
            "caller": "0x0290abb6",
            "parentcaller": "0x051edcea",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "First Counter"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\First Counter"
              }
            ],
            "repeated": 0,
            "id": 2898
          },
          {
            "timestamp": "2026-04-27 21:06:07,713",
            "thread_id": "6700",
            "caller": "0x077f055e",
            "parentcaller": "0x051edcea",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "First Counter"
              },
              {
                "name": "Data",
                "value": "6828"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\First Counter"
              }
            ],
            "repeated": 0,
            "id": 2899
          },
          {
            "timestamp": "2026-04-27 21:06:07,713",
            "thread_id": "6700",
            "caller": "0x051edcea",
            "parentcaller": "0x051e0860",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 2900
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x0290aab3",
            "parentcaller": "0x051edcea",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance"
              },
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance"
              }
            ],
            "repeated": 0,
            "id": 2901
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x0290abb6",
            "parentcaller": "0x051edcea",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "CategoryOptions"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\CategoryOptions"
              }
            ],
            "repeated": 0,
            "id": 2902
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x077f055e",
            "parentcaller": "0x051edcea",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "CategoryOptions"
              },
              {
                "name": "Data",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\CategoryOptions"
              }
            ],
            "repeated": 0,
            "id": 2903
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x0290abb6",
            "parentcaller": "0x051edcea",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "FileMappingSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\FileMappingSize"
              }
            ],
            "repeated": 0,
            "id": 2904
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x077f055e",
            "parentcaller": "0x051edcea",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "FileMappingSize"
              },
              {
                "name": "Data",
                "value": "131072"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\FileMappingSize"
              }
            ],
            "repeated": 0,
            "id": 2905
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x0290abb6",
            "parentcaller": "0x051edcea",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "Counter Names"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Counter Names"
              }
            ],
            "repeated": 0,
            "id": 2906
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x0290abb6",
            "parentcaller": "0x051edcea",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "ValueName",
                "value": "Counter Names"
              },
              {
                "name": "Data",
                "value": "C\\x00o\\x00n\\x00n\\x00e\\x00c\\x00t\\x00i\\x00o\\x00n\\x00s\\x00 \\x00E\\x00s\\x00t\\x00a\\x00b\\x00l\\x00i\\x00s\\x00h\\x00e\\x00d\\x00\\x00\\x00B\\x00y\\x00t\\x00e\\x00s\\x00 \\x00R\\x00e\\x00c\\x00e\\x00i\\x00v\\x00e\\x00d\\x00\\x00\\x00B\\x00y\\x00t\\x00e\\x00s\\x00 \\x00S\\x00e\\x00n\\x00t\\x00\\x00\\x00D\\x00a\\x00t\\x00a\\x00g\\x00r\\x00a\\x00m\\x00s\\x00 \\x00R\\x00e\\x00c\\x00e\\x00i\\x00v\\x00e\\x00d\\x00\\x00\\x00D\\x00a\\x00t\\x00a\\x00g\\x00r\\x00a\\x00m\\x00s\\x00 \\x00S\\x00e\\x00n\\x00t\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Counter Names"
              }
            ],
            "repeated": 0,
            "id": 2907
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "ConvertStringSecurityDescriptorToSecurityDescriptor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2908
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "ConvertStringSecurityDescriptorToSecurityDescriptorW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76eb86d0"
              }
            ],
            "repeated": 0,
            "id": 2909
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x077f2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2910
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x077f205c",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "LocalFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76acf530"
              }
            ],
            "repeated": 0,
            "id": 2911
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateFileMapping"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2912
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateFileMappingW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad04a0"
              }
            ],
            "repeated": 0,
            "id": 2913
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x077f217f",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CloseHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad2ee0"
              }
            ],
            "repeated": 0,
            "id": 2914
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x077f217f",
            "parentcaller": "0x051edcea",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000584"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\netfxcustomperfcounters.1.0.net clr networking"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2915
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "MapViewOfFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76acf590"
              }
            ],
            "repeated": 0,
            "id": 2916
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x077f2204",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "UnmapViewOfFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad05d0"
              }
            ],
            "repeated": 0,
            "id": 2917
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x077f2230",
            "parentcaller": "0x051edcea",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000584"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08670000"
              },
              {
                "name": "SectionOffset",
                "value": "0x007de6b4"
              },
              {
                "name": "ViewSize",
                "value": "0x00020000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2918
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "VirtualQuery"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76acf570"
              }
            ],
            "repeated": 0,
            "id": 2919
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x051edcea",
            "parentcaller": "0x051e0860",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 2920
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateWellKnownSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ec0440"
              }
            ],
            "repeated": 0,
            "id": 2921
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ea0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateWellKnownSidW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2922
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x077f019f",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2923
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "WaitForSingleObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad30d0"
              }
            ],
            "repeated": 0,
            "id": 2924
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2925
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2926
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x077f019f",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2927
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenMutex"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2928
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenMutexW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad3020"
              }
            ],
            "repeated": 0,
            "id": 2929
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x077f259b",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtOpenMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              }
            ],
            "repeated": 0,
            "id": 2930
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2931
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2932
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x077f00a7",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              }
            ],
            "repeated": 1,
            "id": 2933
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad0630"
              }
            ],
            "repeated": 0,
            "id": 2934
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2935
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x077f2693",
            "parentcaller": "0x051edcea",
            "category": "process",
            "api": "NtOpenProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000588"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "6648"
              }
            ],
            "repeated": 0,
            "id": 2936
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcessTimes"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76acf320"
              }
            ],
            "repeated": 0,
            "id": 2937
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcessTimesW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 2938
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x077f0266",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              }
            ],
            "repeated": 0,
            "id": 2939
          },
          {
            "timestamp": "2026-04-27 21:06:07,728",
            "thread_id": "6700",
            "caller": "0x077f00a7",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 1,
            "id": 2940
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f019f",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2941
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2942
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2943
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x051edcea",
            "parentcaller": "0x051e0860",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 2944
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f00a7",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 1,
            "id": 2945
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f019f",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2946
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2947
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2948
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x051edcea",
            "parentcaller": "0x051e0860",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2949
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f00a7",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 1,
            "id": 2950
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f019f",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2951
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2952
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2953
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x051edcea",
            "parentcaller": "0x051e0860",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2954
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f00a7",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 1,
            "id": 2955
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f019f",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2956
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2957
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2958
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x051edcea",
            "parentcaller": "0x051e0860",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2959
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f00a7",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 1,
            "id": 2960
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f019f",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2961
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2962
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2963
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x051edcea",
            "parentcaller": "0x051e0860",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2964
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f00a7",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 1,
            "id": 2965
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f019f",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2966
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2967
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2968
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x051edcea",
            "parentcaller": "0x051e0860",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2969
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f00a7",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 1,
            "id": 2970
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f019f",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2971
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2972
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2973
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x051edcea",
            "parentcaller": "0x051e0860",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2974
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f00a7",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 1,
            "id": 2975
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f019f",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2976
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2977
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2978
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x051edcea",
            "parentcaller": "0x051e0860",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2979
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f00a7",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 1,
            "id": 2980
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f019f",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "MutexName",
                "value": "Global\\.net clr networking"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2981
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2982
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f24b6",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              },
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 2983
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x051edcea",
            "parentcaller": "0x051e0860",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2984
          },
          {
            "timestamp": "2026-04-27 21:06:07,744",
            "thread_id": "6700",
            "caller": "0x077f00a7",
            "parentcaller": "0x051edcea",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 1,
            "id": 2985
          },
          {
            "timestamp": "2026-04-27 21:06:07,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2986
          },
          {
            "timestamp": "2026-04-27 21:06:07,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2987
          },
          {
            "timestamp": "2026-04-27 21:06:07,775",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2988
          },
          {
            "timestamp": "2026-04-27 21:06:07,807",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x051edcea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76640000"
              },
              {
                "name": "FunctionName",
                "value": "inet_addr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x766457e0"
              }
            ],
            "repeated": 0,
            "id": 2989
          },
          {
            "timestamp": "2026-04-27 21:06:07,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2990
          },
          {
            "timestamp": "2026-04-27 21:06:07,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2991
          },
          {
            "timestamp": "2026-04-27 21:06:07,838",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2992
          },
          {
            "timestamp": "2026-04-27 21:06:07,869",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x0864beb7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0864c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2993
          },
          {
            "timestamp": "2026-04-27 21:06:07,869",
            "thread_id": "6700",
            "caller": "0x0864bfc4",
            "parentcaller": "0x0864beb7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06e40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2994
          },
          {
            "timestamp": "2026-04-27 21:06:07,932",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2995
          },
          {
            "timestamp": "2026-04-27 21:06:07,932",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 2996
          },
          {
            "timestamp": "2026-04-27 21:06:07,932",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 2997
          },
          {
            "timestamp": "2026-04-27 21:06:07,932",
            "thread_id": "6700",
            "caller": "0x051e01a2",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d10000"
              },
              {
                "name": "FunctionName",
                "value": "WaitMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d52540"
              }
            ],
            "repeated": 0,
            "id": 2998
          },
          {
            "timestamp": "2026-04-27 21:06:07,932",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864c225",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0862d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2999
          },
          {
            "timestamp": "2026-04-27 21:06:07,932",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864c225",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08770000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3000
          },
          {
            "timestamp": "2026-04-27 21:06:07,932",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864c225",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08770000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3001
          },
          {
            "timestamp": "2026-04-27 21:06:07,947",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864c324",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\dnsapi.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3002
          },
          {
            "timestamp": "2026-04-27 21:06:07,947",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864c324",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\dnsapi.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 3003
          },
          {
            "timestamp": "2026-04-27 21:06:07,947",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864c324",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\dnsapi"
              },
              {
                "name": "DllBase",
                "value": "0x71070000"
              }
            ],
            "repeated": 0,
            "id": 3004
          },
          {
            "timestamp": "2026-04-27 21:06:07,963",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864c324",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\IPHLPAPI"
              },
              {
                "name": "DllBase",
                "value": "0x74bb0000"
              }
            ],
            "repeated": 0,
            "id": 3005
          },
          {
            "timestamp": "2026-04-27 21:06:07,963",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864c324",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3006
          },
          {
            "timestamp": "2026-04-27 21:06:07,963",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864c324",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\NSI"
              },
              {
                "name": "DllBase",
                "value": "0x77e20000"
              }
            ],
            "repeated": 0,
            "id": 3007
          },
          {
            "timestamp": "2026-04-27 21:06:07,978",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864c324",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "dnsapi.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x71070000"
              }
            ],
            "repeated": 0,
            "id": 3008
          },
          {
            "timestamp": "2026-04-27 21:06:07,978",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864c324",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x71070000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "dnsapi.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3009
          },
          {
            "timestamp": "2026-04-27 21:06:07,978",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864c324",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "dnsapi.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71070000"
              },
              {
                "name": "FunctionName",
                "value": "DnsQuery_A"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x710c5340"
              }
            ],
            "repeated": 0,
            "id": 3010
          },
          {
            "timestamp": "2026-04-27 21:06:07,994",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3011
          },
          {
            "timestamp": "2026-04-27 21:06:08,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3012
          },
          {
            "timestamp": "2026-04-27 21:06:08,057",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 3013
          },
          {
            "timestamp": "2026-04-27 21:06:08,119",
            "thread_id": "6988",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02874000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3014
          },
          {
            "timestamp": "2026-04-27 21:06:08,119",
            "thread_id": "6988",
            "caller": "0x7726f231",
            "parentcaller": "0x73742c18",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 2,
            "id": 3015
          },
          {
            "timestamp": "2026-04-27 21:06:08,119",
            "thread_id": "6988",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3016
          },
          {
            "timestamp": "2026-04-27 21:06:08,119",
            "thread_id": "6988",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3017
          },
          {
            "timestamp": "2026-04-27 21:06:08,119",
            "thread_id": "6988",
            "caller": "0x710a0830",
            "parentcaller": "0x71093611",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1428"
              }
            ],
            "repeated": 0,
            "id": 3018
          },
          {
            "timestamp": "2026-04-27 21:06:08,119",
            "thread_id": "6988",
            "caller": "0x77271454",
            "parentcaller": "0x7664a730",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000594"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 3019
          },
          {
            "timestamp": "2026-04-27 21:06:08,119",
            "thread_id": "7312",
            "caller": "0x077f18e0",
            "parentcaller": "0x0864c324",
            "category": "network",
            "api": "DnsQuery_A",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "nnzn.sa.com"
              },
              {
                "name": "Type",
                "value": "1"
              },
              {
                "name": "Options",
                "value": "0x00000048"
              }
            ],
            "repeated": 0,
            "id": 3020
          },
          {
            "timestamp": "2026-04-27 21:06:08,119",
            "thread_id": "6988",
            "caller": "0x7726269a",
            "parentcaller": "0x7108b4f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 3021
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3022
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3023
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3024
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3025
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864c746",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3026
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864c746",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3027
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x077f1cae",
            "parentcaller": "0x0864237d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 3028
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x08648b7c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3029
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x08648b7c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3030
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864b4f3",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3031
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864b4f3",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3032
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x08649dd4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3033
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x08649dd4",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3034
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x08649dd4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3035
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x08649dd4",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3036
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864c984",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3037
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864c984",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3038
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864c9ac",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3039
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864c9ac",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3040
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x08649dd4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3041
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x08649dd4",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3042
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864cb3e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3043
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864cb3e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3044
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864cb3e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3045
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864cb3e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3046
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864cb79",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3047
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864cb79",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3048
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864cba1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3049
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864cba1",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3050
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864cd7f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3051
          },
          {
            "timestamp": "2026-04-27 21:06:08,135",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864cd7f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3052
          },
          {
            "timestamp": "2026-04-27 21:06:08,166",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864cd7f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0864d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3053
          },
          {
            "timestamp": "2026-04-27 21:06:08,166",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864cd7f",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3054
          },
          {
            "timestamp": "2026-04-27 21:06:08,166",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864cd7f",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3055
          },
          {
            "timestamp": "2026-04-27 21:06:08,166",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864d01f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3056
          },
          {
            "timestamp": "2026-04-27 21:06:08,166",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864d01f",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3057
          },
          {
            "timestamp": "2026-04-27 21:06:08,166",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864a631",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3058
          },
          {
            "timestamp": "2026-04-27 21:06:08,166",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864a631",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3059
          },
          {
            "timestamp": "2026-04-27 21:06:08,166",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864a63d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3060
          },
          {
            "timestamp": "2026-04-27 21:06:08,182",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864a63d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3061
          },
          {
            "timestamp": "2026-04-27 21:06:08,182",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864d419",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3062
          },
          {
            "timestamp": "2026-04-27 21:06:08,182",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864d419",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3063
          },
          {
            "timestamp": "2026-04-27 21:06:08,182",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864a64e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3064
          },
          {
            "timestamp": "2026-04-27 21:06:08,182",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864a64e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3065
          },
          {
            "timestamp": "2026-04-27 21:06:08,182",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864a694",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3066
          },
          {
            "timestamp": "2026-04-27 21:06:08,182",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3067
          },
          {
            "timestamp": "2026-04-27 21:06:08,182",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864a694",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08635000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3068
          },
          {
            "timestamp": "2026-04-27 21:06:08,182",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864a694",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3069
          },
          {
            "timestamp": "2026-04-27 21:06:08,182",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864a6a0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3070
          },
          {
            "timestamp": "2026-04-27 21:06:08,182",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864a6a0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0862e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3071
          },
          {
            "timestamp": "2026-04-27 21:06:08,197",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864a6a0",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3072
          },
          {
            "timestamp": "2026-04-27 21:06:08,197",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864a6ad",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3073
          },
          {
            "timestamp": "2026-04-27 21:06:08,197",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864a6ad",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3074
          },
          {
            "timestamp": "2026-04-27 21:06:08,197",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864a75b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3075
          },
          {
            "timestamp": "2026-04-27 21:06:08,197",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864a75b",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3076
          },
          {
            "timestamp": "2026-04-27 21:06:08,197",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864a81a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3077
          },
          {
            "timestamp": "2026-04-27 21:06:08,197",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864a81a",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3078
          },
          {
            "timestamp": "2026-04-27 21:06:08,197",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864a95e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3079
          },
          {
            "timestamp": "2026-04-27 21:06:08,197",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864a95e",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3080
          },
          {
            "timestamp": "2026-04-27 21:06:08,197",
            "thread_id": "7312",
            "caller": "0x077f1cae",
            "parentcaller": "0x0864237d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 3081
          },
          {
            "timestamp": "2026-04-27 21:06:08,197",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3082
          },
          {
            "timestamp": "2026-04-27 21:06:08,197",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x02910626",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3083
          },
          {
            "timestamp": "2026-04-27 21:06:08,197",
            "thread_id": "7312",
            "caller": "0x077f1998",
            "parentcaller": "0x0864d998",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x000005a0",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1440"
              }
            ],
            "repeated": 0,
            "id": 3084
          },
          {
            "timestamp": "2026-04-27 21:06:08,228",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3085
          },
          {
            "timestamp": "2026-04-27 21:06:08,228",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3086
          },
          {
            "timestamp": "2026-04-27 21:06:08,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3087
          },
          {
            "timestamp": "2026-04-27 21:06:08,260",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864c650",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76640000"
              },
              {
                "name": "FunctionName",
                "value": "setsockopt"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7664f070"
              }
            ],
            "repeated": 0,
            "id": 3088
          },
          {
            "timestamp": "2026-04-27 21:06:08,260",
            "thread_id": "7312",
            "caller": "0x077f0a53",
            "parentcaller": "0x0864c650",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1440"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3089
          },
          {
            "timestamp": "2026-04-27 21:06:08,260",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864da34",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76640000"
              },
              {
                "name": "FunctionName",
                "value": "bind"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7664d890"
              }
            ],
            "repeated": 0,
            "id": 3090
          },
          {
            "timestamp": "2026-04-27 21:06:08,260",
            "thread_id": "7312",
            "caller": "0x077f2a15",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1440"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3091
          },
          {
            "timestamp": "2026-04-27 21:06:08,260",
            "thread_id": "7312",
            "caller": "0x0864da34",
            "parentcaller": "0x0864c650",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005a0"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xcc\\x04\\x00\\x00\\x9a\\xda\\xa9s"
              }
            ],
            "repeated": 0,
            "id": 3092
          },
          {
            "timestamp": "2026-04-27 21:06:08,260",
            "thread_id": "7312",
            "caller": "0x02910626",
            "parentcaller": "0x0864da34",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76640000"
              },
              {
                "name": "FunctionName",
                "value": "WSAIoctl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7664f3b0"
              }
            ],
            "repeated": 0,
            "id": 3093
          },
          {
            "timestamp": "2026-04-27 21:06:08,338",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3094
          },
          {
            "timestamp": "2026-04-27 21:06:08,369",
            "thread_id": "7312",
            "caller": "0x0292acfb",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1440"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "104.21.33.27"
              },
              {
                "name": "port",
                "value": "443"
              }
            ],
            "repeated": 0,
            "id": 3095
          },
          {
            "timestamp": "2026-04-27 21:06:08,369",
            "thread_id": "7312",
            "caller": "0x077f1658",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "K32EnumProcesses",
            "status": true,
            "return": "0x00000001",
            "arguments": [],
            "repeated": 0,
            "id": 3096
          },
          {
            "timestamp": "2026-04-27 21:06:08,369",
            "thread_id": "7312",
            "caller": "0x051eb184",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3097
          },
          {
            "timestamp": "2026-04-27 21:06:08,369",
            "thread_id": "7312",
            "caller": "0x077f1717",
            "parentcaller": "0x051eb184",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": false,
            "return": "0xffffffffc0000004",
            "pretty_return": "INFO_LENGTH_MISMATCH",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              }
            ],
            "repeated": 0,
            "id": 3098
          },
          {
            "timestamp": "2026-04-27 21:06:08,369",
            "thread_id": "7312",
            "caller": "0x051eb184",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06e80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00037000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3099
          },
          {
            "timestamp": "2026-04-27 21:06:08,369",
            "thread_id": "7312",
            "caller": "0x077f1717",
            "parentcaller": "0x051eb184",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              }
            ],
            "repeated": 0,
            "id": 3100
          },
          {
            "timestamp": "2026-04-27 21:06:08,369",
            "thread_id": "7312",
            "caller": "0x051eb184",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x056a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3101
          },
          {
            "timestamp": "2026-04-27 21:06:08,369",
            "thread_id": "7312",
            "caller": "0x051eb184",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x056b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3102
          },
          {
            "timestamp": "2026-04-27 21:06:08,369",
            "thread_id": "7312",
            "caller": "0x051eb184",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x056c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3103
          },
          {
            "timestamp": "2026-04-27 21:06:08,369",
            "thread_id": "7312",
            "caller": "0x051eb184",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x056d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3104
          },
          {
            "timestamp": "2026-04-27 21:06:08,369",
            "thread_id": "7312",
            "caller": "0x0290a3a6",
            "parentcaller": "0x051eb194",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 3105
          },
          {
            "timestamp": "2026-04-27 21:06:08,369",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3106
          },
          {
            "timestamp": "2026-04-27 21:06:08,385",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 1,
            "id": 3107
          },
          {
            "timestamp": "2026-04-27 21:06:08,416",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3108
          },
          {
            "timestamp": "2026-04-27 21:06:08,447",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 1,
            "id": 3109
          },
          {
            "timestamp": "2026-04-27 21:06:08,463",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3110
          },
          {
            "timestamp": "2026-04-27 21:06:08,478",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3111
          },
          {
            "timestamp": "2026-04-27 21:06:08,510",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 3112
          },
          {
            "timestamp": "2026-04-27 21:06:08,541",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3113
          },
          {
            "timestamp": "2026-04-27 21:06:08,541",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 2,
            "id": 3114
          },
          {
            "timestamp": "2026-04-27 21:06:08,603",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3115
          },
          {
            "timestamp": "2026-04-27 21:06:08,650",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 3116
          },
          {
            "timestamp": "2026-04-27 21:06:08,666",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3117
          },
          {
            "timestamp": "2026-04-27 21:06:08,682",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 1,
            "id": 3118
          },
          {
            "timestamp": "2026-04-27 21:06:08,744",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3119
          },
          {
            "timestamp": "2026-04-27 21:06:08,744",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 3120
          },
          {
            "timestamp": "2026-04-27 21:06:08,744",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3121
          },
          {
            "timestamp": "2026-04-27 21:06:08,744",
            "thread_id": "8048",
            "caller": "0x77e6f695",
            "parentcaller": "0x77e87aa4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00b0b000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3122
          },
          {
            "timestamp": "2026-04-27 21:06:08,791",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 3123
          },
          {
            "timestamp": "2026-04-27 21:06:08,853",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3124
          },
          {
            "timestamp": "2026-04-27 21:06:08,853",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 3125
          },
          {
            "timestamp": "2026-04-27 21:06:08,869",
            "thread_id": "8048",
            "caller": "0x77276987",
            "parentcaller": "0x76ad0f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000005b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7394890c"
              },
              {
                "name": "Parameter",
                "value": "0x00aef940"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "1796"
              },
              {
                "name": "ProcessId",
                "value": "6648"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 3126
          },
          {
            "timestamp": "2026-04-27 21:06:08,869",
            "thread_id": "8048",
            "caller": "0x77276987",
            "parentcaller": "0x76ad0f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000005b4",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x7394890c"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "Parameter",
                "value": "0x00aef940"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "1796"
              }
            ],
            "repeated": 0,
            "id": 3127
          },
          {
            "timestamp": "2026-04-27 21:06:08,869",
            "thread_id": "8048",
            "caller": "0x7727d303",
            "parentcaller": "0x7386ba5f",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000005b4"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "1796"
              },
              {
                "name": "ProcessId",
                "value": "6648"
              }
            ],
            "repeated": 0,
            "id": 3128
          },
          {
            "timestamp": "2026-04-27 21:06:08,869",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3129
          },
          {
            "timestamp": "2026-04-27 21:06:08,869",
            "thread_id": "1796",
            "caller": "0x7726f231",
            "parentcaller": "0x73742c18",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 2,
            "id": 3130
          },
          {
            "timestamp": "2026-04-27 21:06:08,869",
            "thread_id": "1796",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3131
          },
          {
            "timestamp": "2026-04-27 21:06:08,869",
            "thread_id": "1796",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3132
          },
          {
            "timestamp": "2026-04-27 21:06:08,869",
            "thread_id": "1796",
            "caller": "0x7386aa35",
            "parentcaller": "0x7386aa9a",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3133
          },
          {
            "timestamp": "2026-04-27 21:06:08,869",
            "thread_id": "1796",
            "caller": "0x772761f1",
            "parentcaller": "0x7386ab1a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x088f1000"
              },
              {
                "name": "RegionSize",
                "value": "0x000fa000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3134
          },
          {
            "timestamp": "2026-04-27 21:06:08,869",
            "thread_id": "1796",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76640000"
              },
              {
                "name": "FunctionName",
                "value": "setsockopt"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7664f070"
              }
            ],
            "repeated": 0,
            "id": 3135
          },
          {
            "timestamp": "2026-04-27 21:06:08,869",
            "thread_id": "1796",
            "caller": "0x077f2bf3",
            "parentcaller": "0x00000000",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1440"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00007010"
              },
              {
                "name": "optval",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3136
          },
          {
            "timestamp": "2026-04-27 21:06:08,869",
            "thread_id": "1796",
            "caller": "0x772765db",
            "parentcaller": "0x73947ec0",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000005b4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\x90\\x90\\x00\\xf8\\x19\\x00\\x00\\x04\\x07\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1796"
              }
            ],
            "repeated": 0,
            "id": 3137
          },
          {
            "timestamp": "2026-04-27 21:06:08,885",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 3138
          },
          {
            "timestamp": "2026-04-27 21:06:08,916",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3139
          },
          {
            "timestamp": "2026-04-27 21:06:08,916",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 3140
          },
          {
            "timestamp": "2026-04-27 21:06:08,932",
            "thread_id": "1796",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x089f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3141
          },
          {
            "timestamp": "2026-04-27 21:06:08,932",
            "thread_id": "1796",
            "caller": "0x02910626",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x089f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3142
          },
          {
            "timestamp": "2026-04-27 21:06:08,932",
            "thread_id": "1796",
            "caller": "0x02910626",
            "parentcaller": "0x0864dcd8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0864e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3143
          },
          {
            "timestamp": "2026-04-27 21:06:08,932",
            "thread_id": "1796",
            "caller": "0x02910626",
            "parentcaller": "0x0864df6b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76640000"
              },
              {
                "name": "FunctionName",
                "value": "getpeername"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76653200"
              }
            ],
            "repeated": 0,
            "id": 3144
          },
          {
            "timestamp": "2026-04-27 21:06:08,947",
            "thread_id": "1796",
            "caller": "0x0864e067",
            "parentcaller": "0x0864dfda",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3145
          },
          {
            "timestamp": "2026-04-27 21:06:08,947",
            "thread_id": "1796",
            "caller": "0x02910626",
            "parentcaller": "0x0864e0cc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetComputerName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3146
          },
          {
            "timestamp": "2026-04-27 21:06:08,947",
            "thread_id": "1796",
            "caller": "0x02910626",
            "parentcaller": "0x0864e0cc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetComputerNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad13a0"
              }
            ],
            "repeated": 0,
            "id": 3147
          },
          {
            "timestamp": "2026-04-27 21:06:08,947",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0cc",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 3148
          },
          {
            "timestamp": "2026-04-27 21:06:08,947",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0df",
            "category": "misc",
            "api": "GetUserNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Name",
                "value": "cape"
              }
            ],
            "repeated": 0,
            "id": 3149
          },
          {
            "timestamp": "2026-04-27 21:06:08,947",
            "thread_id": "1796",
            "caller": "0x02910626",
            "parentcaller": "0x0864e2af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x089f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3150
          },
          {
            "timestamp": "2026-04-27 21:06:08,947",
            "thread_id": "1796",
            "caller": "0x02910626",
            "parentcaller": "0x0864e2af",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08a00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3151
          },
          {
            "timestamp": "2026-04-27 21:06:08,947",
            "thread_id": "1796",
            "caller": "0x02910626",
            "parentcaller": "0x0864e2af",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08a00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3152
          },
          {
            "timestamp": "2026-04-27 21:06:08,947",
            "thread_id": "1796",
            "caller": "0x02910626",
            "parentcaller": "0x0864e2af",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x089f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3153
          },
          {
            "timestamp": "2026-04-27 21:06:08,947",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "72"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3154
          },
          {
            "timestamp": "2026-04-27 21:06:08,947",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3"
              },
              {
                "name": "Length",
                "value": "16"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3155
          },
          {
            "timestamp": "2026-04-27 21:06:08,947",
            "thread_id": "1796",
            "caller": "0x02910626",
            "parentcaller": "0x0864ed7a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76640000"
              },
              {
                "name": "FunctionName",
                "value": "WSASend"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7664dff0"
              }
            ],
            "repeated": 0,
            "id": 3156
          },
          {
            "timestamp": "2026-04-27 21:06:08,947",
            "thread_id": "1796",
            "caller": "0x077f2dec",
            "parentcaller": "0x0864ed7a",
            "category": "network",
            "api": "WSASend",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Socket",
                "value": "1440"
              },
              {
                "name": "Buffer",
                "value": "@\\x00\\x00\\x00m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c"
              }
            ],
            "repeated": 0,
            "id": 3157
          },
          {
            "timestamp": "2026-04-27 21:06:08,947",
            "thread_id": "1796",
            "caller": "0x02910626",
            "parentcaller": "0x0864edcf",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WS2_32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76640000"
              },
              {
                "name": "FunctionName",
                "value": "WSARecv"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7664ed70"
              }
            ],
            "repeated": 0,
            "id": 3158
          },
          {
            "timestamp": "2026-04-27 21:06:08,947",
            "thread_id": "1796",
            "caller": "0x077f2ee0",
            "parentcaller": "0x0864edcf",
            "category": "network",
            "api": "WSARecv",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1440"
              }
            ],
            "repeated": 0,
            "id": 3159
          },
          {
            "timestamp": "2026-04-27 21:06:08,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3160
          },
          {
            "timestamp": "2026-04-27 21:06:08,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3161
          },
          {
            "timestamp": "2026-04-27 21:06:08,963",
            "thread_id": "1796",
            "caller": "0x02910626",
            "parentcaller": "0x0864dd2c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x089f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3162
          },
          {
            "timestamp": "2026-04-27 21:06:08,963",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3163
          },
          {
            "timestamp": "2026-04-27 21:06:08,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3164
          },
          {
            "timestamp": "2026-04-27 21:06:08,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3165
          },
          {
            "timestamp": "2026-04-27 21:06:08,978",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3166
          },
          {
            "timestamp": "2026-04-27 21:06:08,978",
            "thread_id": "1796",
            "caller": "0x02910626",
            "parentcaller": "0x0864dd2c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0864f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3167
          },
          {
            "timestamp": "2026-04-27 21:06:08,978",
            "thread_id": "1796",
            "caller": "0x02910626",
            "parentcaller": "0x0864dd2c",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x089f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 3168
          },
          {
            "timestamp": "2026-04-27 21:06:08,978",
            "thread_id": "1796",
            "caller": "0x02910626",
            "parentcaller": "0x0864f059",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0862f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3169
          },
          {
            "timestamp": "2026-04-27 21:06:08,978",
            "thread_id": "1796",
            "caller": "0x0290a7be",
            "parentcaller": "0x0864f1bd",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1440"
              }
            ],
            "repeated": 0,
            "id": 3170
          },
          {
            "timestamp": "2026-04-27 21:06:08,978",
            "thread_id": "1796",
            "caller": "0x0290bbbb",
            "parentcaller": "0x051ed61d",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00030190"
              },
              {
                "name": "Message",
                "value": "0x0000c1b0"
              }
            ],
            "repeated": 0,
            "id": 3171
          },
          {
            "timestamp": "2026-04-27 21:06:08,978",
            "thread_id": "1796",
            "caller": "0x02910626",
            "parentcaller": "0x051ed61d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateEvent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3172
          },
          {
            "timestamp": "2026-04-27 21:06:08,978",
            "thread_id": "1796",
            "caller": "0x02910626",
            "parentcaller": "0x051ed61d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "CreateEventW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad2f60"
              }
            ],
            "repeated": 0,
            "id": 3173
          },
          {
            "timestamp": "2026-04-27 21:06:09,010",
            "thread_id": "1796",
            "caller": "0x02910626",
            "parentcaller": "0x051ed61d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x077f3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3174
          },
          {
            "timestamp": "2026-04-27 21:06:09,010",
            "thread_id": "6700",
            "caller": "0x02910626",
            "parentcaller": "0x029108ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "SetEvent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad3080"
              }
            ],
            "repeated": 0,
            "id": 3175
          },
          {
            "timestamp": "2026-04-27 21:06:09,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3176
          },
          {
            "timestamp": "2026-04-27 21:06:09,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3177
          },
          {
            "timestamp": "2026-04-27 21:06:09,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3178
          },
          {
            "timestamp": "2026-04-27 21:06:09,041",
            "thread_id": "1796",
            "caller": "0x02910626",
            "parentcaller": "0x051ed61d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "GetExitCodeThread"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ad20e0"
              }
            ],
            "repeated": 0,
            "id": 3179
          },
          {
            "timestamp": "2026-04-27 21:06:09,041",
            "thread_id": "1796",
            "caller": "0x0290b109",
            "parentcaller": "0x051ed61d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003c4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\x8d\\x00\\xf8\\x19\\x00\\x00,\\x1a\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6700"
              }
            ],
            "repeated": 0,
            "id": 3180
          },
          {
            "timestamp": "2026-04-27 21:06:09,057",
            "thread_id": "7312",
            "caller": "0x0864f6d8",
            "parentcaller": "0x0864f6ae",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3181
          },
          {
            "timestamp": "2026-04-27 21:06:09,088",
            "thread_id": "1796",
            "caller": "0x051e6260",
            "parentcaller": "0x0864f13f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b05000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3182
          },
          {
            "timestamp": "2026-04-27 21:06:09,103",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3183
          },
          {
            "timestamp": "2026-04-27 21:06:09,166",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "16"
              }
            ],
            "repeated": 0,
            "id": 3184
          },
          {
            "timestamp": "2026-04-27 21:06:09,182",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "34"
              }
            ],
            "repeated": 0,
            "id": 3185
          },
          {
            "timestamp": "2026-04-27 21:06:09,228",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 2,
            "id": 3186
          },
          {
            "timestamp": "2026-04-27 21:06:09,385",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3187
          },
          {
            "timestamp": "2026-04-27 21:06:09,385",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3188
          },
          {
            "timestamp": "2026-04-27 21:06:09,416",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3189
          },
          {
            "timestamp": "2026-04-27 21:06:09,463",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3190
          },
          {
            "timestamp": "2026-04-27 21:06:09,494",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 6,
            "id": 3191
          },
          {
            "timestamp": "2026-04-27 21:06:09,885",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3192
          },
          {
            "timestamp": "2026-04-27 21:06:09,885",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3193
          },
          {
            "timestamp": "2026-04-27 21:06:09,947",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 3194
          },
          {
            "timestamp": "2026-04-27 21:06:10,057",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3195
          },
          {
            "timestamp": "2026-04-27 21:06:10,072",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3196
          },
          {
            "timestamp": "2026-04-27 21:06:10,135",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "47"
              }
            ],
            "repeated": 0,
            "id": 3197
          },
          {
            "timestamp": "2026-04-27 21:06:10,197",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3198
          },
          {
            "timestamp": "2026-04-27 21:06:10,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3199
          },
          {
            "timestamp": "2026-04-27 21:06:10,260",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 2,
            "id": 3200
          },
          {
            "timestamp": "2026-04-27 21:06:10,400",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3201
          },
          {
            "timestamp": "2026-04-27 21:06:10,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3202
          },
          {
            "timestamp": "2026-04-27 21:06:10,510",
            "thread_id": "8184",
            "caller": "0x737e55cd",
            "parentcaller": "0x737e545c",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 7,
            "id": 3203
          },
          {
            "timestamp": "2026-04-27 21:06:10,572",
            "thread_id": "8048",
            "caller": "0x77276987",
            "parentcaller": "0x76ad0f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000005e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7394890c"
              },
              {
                "name": "Parameter",
                "value": "0x00aef880"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "2068"
              },
              {
                "name": "ProcessId",
                "value": "6648"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 3204
          },
          {
            "timestamp": "2026-04-27 21:06:10,572",
            "thread_id": "8048",
            "caller": "0x77276987",
            "parentcaller": "0x76ad0f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000005e8",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x7394890c"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "Parameter",
                "value": "0x00aef880"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "2068"
              }
            ],
            "repeated": 0,
            "id": 3205
          },
          {
            "timestamp": "2026-04-27 21:06:10,572",
            "thread_id": "8048",
            "caller": "0x7727d303",
            "parentcaller": "0x7386ba5f",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000005e8"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "2068"
              },
              {
                "name": "ProcessId",
                "value": "6648"
              }
            ],
            "repeated": 0,
            "id": 3206
          },
          {
            "timestamp": "2026-04-27 21:06:10,572",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3207
          },
          {
            "timestamp": "2026-04-27 21:06:10,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3208
          },
          {
            "timestamp": "2026-04-27 21:06:10,572",
            "thread_id": "2068",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3209
          },
          {
            "timestamp": "2026-04-27 21:06:10,572",
            "thread_id": "2068",
            "caller": "0x7726f231",
            "parentcaller": "0x73742c18",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 2,
            "id": 3210
          },
          {
            "timestamp": "2026-04-27 21:06:10,572",
            "thread_id": "2068",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3211
          },
          {
            "timestamp": "2026-04-27 21:06:10,572",
            "thread_id": "2068",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3212
          },
          {
            "timestamp": "2026-04-27 21:06:10,572",
            "thread_id": "2068",
            "caller": "0x7386aa35",
            "parentcaller": "0x7386aa9a",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3213
          },
          {
            "timestamp": "2026-04-27 21:06:10,572",
            "thread_id": "2068",
            "caller": "0x772761f1",
            "parentcaller": "0x7386ab1a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08a31000"
              },
              {
                "name": "RegionSize",
                "value": "0x000fa000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3214
          },
          {
            "timestamp": "2026-04-27 21:06:10,572",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3215
          },
          {
            "timestamp": "2026-04-27 21:06:10,572",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3216
          },
          {
            "timestamp": "2026-04-27 21:06:10,572",
            "thread_id": "2068",
            "caller": "0x772761f1",
            "parentcaller": "0x737e2553",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x056e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3217
          },
          {
            "timestamp": "2026-04-27 21:06:10,572",
            "thread_id": "2068",
            "caller": "0x772765db",
            "parentcaller": "0x73947ec0",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000005e8"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xc0\\x90\\x00\\xf8\\x19\\x00\\x00\\x14\\x08\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2068"
              }
            ],
            "repeated": 0,
            "id": 3218
          },
          {
            "timestamp": "2026-04-27 21:06:10,588",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 3219
          },
          {
            "timestamp": "2026-04-27 21:06:10,588",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3220
          },
          {
            "timestamp": "2026-04-27 21:06:10,650",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3221
          },
          {
            "timestamp": "2026-04-27 21:06:10,650",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3222
          },
          {
            "timestamp": "2026-04-27 21:06:10,650",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3223
          },
          {
            "timestamp": "2026-04-27 21:06:10,713",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3224
          },
          {
            "timestamp": "2026-04-27 21:06:10,713",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3225
          },
          {
            "timestamp": "2026-04-27 21:06:10,713",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3226
          },
          {
            "timestamp": "2026-04-27 21:06:10,775",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3227
          },
          {
            "timestamp": "2026-04-27 21:06:10,775",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3228
          },
          {
            "timestamp": "2026-04-27 21:06:10,775",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3229
          },
          {
            "timestamp": "2026-04-27 21:06:10,838",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3230
          },
          {
            "timestamp": "2026-04-27 21:06:10,838",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3231
          },
          {
            "timestamp": "2026-04-27 21:06:10,838",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3232
          },
          {
            "timestamp": "2026-04-27 21:06:10,900",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3233
          },
          {
            "timestamp": "2026-04-27 21:06:10,900",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3234
          },
          {
            "timestamp": "2026-04-27 21:06:10,900",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3235
          },
          {
            "timestamp": "2026-04-27 21:06:10,963",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3236
          },
          {
            "timestamp": "2026-04-27 21:06:10,963",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3237
          },
          {
            "timestamp": "2026-04-27 21:06:10,963",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3238
          },
          {
            "timestamp": "2026-04-27 21:06:11,025",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3239
          },
          {
            "timestamp": "2026-04-27 21:06:11,025",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3240
          },
          {
            "timestamp": "2026-04-27 21:06:11,025",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3241
          },
          {
            "timestamp": "2026-04-27 21:06:11,088",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3242
          },
          {
            "timestamp": "2026-04-27 21:06:11,088",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3243
          },
          {
            "timestamp": "2026-04-27 21:06:11,088",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3244
          },
          {
            "timestamp": "2026-04-27 21:06:11,088",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3245
          },
          {
            "timestamp": "2026-04-27 21:06:11,088",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3246
          },
          {
            "timestamp": "2026-04-27 21:06:11,150",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3247
          },
          {
            "timestamp": "2026-04-27 21:06:11,150",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3248
          },
          {
            "timestamp": "2026-04-27 21:06:11,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "47"
              }
            ],
            "repeated": 0,
            "id": 3249
          },
          {
            "timestamp": "2026-04-27 21:06:11,228",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 3250
          },
          {
            "timestamp": "2026-04-27 21:06:11,228",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3251
          },
          {
            "timestamp": "2026-04-27 21:06:11,228",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3252
          },
          {
            "timestamp": "2026-04-27 21:06:11,228",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3253
          },
          {
            "timestamp": "2026-04-27 21:06:11,228",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 3254
          },
          {
            "timestamp": "2026-04-27 21:06:11,291",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3255
          },
          {
            "timestamp": "2026-04-27 21:06:11,291",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3256
          },
          {
            "timestamp": "2026-04-27 21:06:11,353",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3257
          },
          {
            "timestamp": "2026-04-27 21:06:11,353",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3258
          },
          {
            "timestamp": "2026-04-27 21:06:11,353",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3259
          },
          {
            "timestamp": "2026-04-27 21:06:11,416",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3260
          },
          {
            "timestamp": "2026-04-27 21:06:11,416",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3261
          },
          {
            "timestamp": "2026-04-27 21:06:11,416",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3262
          },
          {
            "timestamp": "2026-04-27 21:06:11,478",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3263
          },
          {
            "timestamp": "2026-04-27 21:06:11,478",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3264
          },
          {
            "timestamp": "2026-04-27 21:06:11,478",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3265
          },
          {
            "timestamp": "2026-04-27 21:06:11,541",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3266
          },
          {
            "timestamp": "2026-04-27 21:06:11,541",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3267
          },
          {
            "timestamp": "2026-04-27 21:06:11,541",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3268
          },
          {
            "timestamp": "2026-04-27 21:06:11,603",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3269
          },
          {
            "timestamp": "2026-04-27 21:06:11,603",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3270
          },
          {
            "timestamp": "2026-04-27 21:06:11,603",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3271
          },
          {
            "timestamp": "2026-04-27 21:06:11,603",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3272
          },
          {
            "timestamp": "2026-04-27 21:06:11,603",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3273
          },
          {
            "timestamp": "2026-04-27 21:06:11,666",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3274
          },
          {
            "timestamp": "2026-04-27 21:06:11,666",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3275
          },
          {
            "timestamp": "2026-04-27 21:06:11,666",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3276
          },
          {
            "timestamp": "2026-04-27 21:06:11,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3277
          },
          {
            "timestamp": "2026-04-27 21:06:11,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3278
          },
          {
            "timestamp": "2026-04-27 21:06:11,728",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3279
          },
          {
            "timestamp": "2026-04-27 21:06:11,791",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3280
          },
          {
            "timestamp": "2026-04-27 21:06:11,791",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3281
          },
          {
            "timestamp": "2026-04-27 21:06:11,791",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3282
          },
          {
            "timestamp": "2026-04-27 21:06:11,853",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3283
          },
          {
            "timestamp": "2026-04-27 21:06:11,853",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3284
          },
          {
            "timestamp": "2026-04-27 21:06:11,853",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3285
          },
          {
            "timestamp": "2026-04-27 21:06:11,916",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3286
          },
          {
            "timestamp": "2026-04-27 21:06:11,916",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3287
          },
          {
            "timestamp": "2026-04-27 21:06:11,916",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3288
          },
          {
            "timestamp": "2026-04-27 21:06:11,978",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3289
          },
          {
            "timestamp": "2026-04-27 21:06:11,978",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3290
          },
          {
            "timestamp": "2026-04-27 21:06:11,978",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3291
          },
          {
            "timestamp": "2026-04-27 21:06:12,041",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3292
          },
          {
            "timestamp": "2026-04-27 21:06:12,041",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3293
          },
          {
            "timestamp": "2026-04-27 21:06:12,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3294
          },
          {
            "timestamp": "2026-04-27 21:06:12,119",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3295
          },
          {
            "timestamp": "2026-04-27 21:06:12,119",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3296
          },
          {
            "timestamp": "2026-04-27 21:06:12,119",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3297
          },
          {
            "timestamp": "2026-04-27 21:06:12,119",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3298
          },
          {
            "timestamp": "2026-04-27 21:06:12,119",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3299
          },
          {
            "timestamp": "2026-04-27 21:06:12,182",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3300
          },
          {
            "timestamp": "2026-04-27 21:06:12,182",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3301
          },
          {
            "timestamp": "2026-04-27 21:06:12,182",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "46"
              }
            ],
            "repeated": 0,
            "id": 3302
          },
          {
            "timestamp": "2026-04-27 21:06:12,244",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 3303
          },
          {
            "timestamp": "2026-04-27 21:06:12,244",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3304
          },
          {
            "timestamp": "2026-04-27 21:06:12,244",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3305
          },
          {
            "timestamp": "2026-04-27 21:06:12,244",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3306
          },
          {
            "timestamp": "2026-04-27 21:06:12,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3307
          },
          {
            "timestamp": "2026-04-27 21:06:12,307",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3308
          },
          {
            "timestamp": "2026-04-27 21:06:12,307",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3309
          },
          {
            "timestamp": "2026-04-27 21:06:12,307",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3310
          },
          {
            "timestamp": "2026-04-27 21:06:12,369",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3311
          },
          {
            "timestamp": "2026-04-27 21:06:12,369",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3312
          },
          {
            "timestamp": "2026-04-27 21:06:12,369",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3313
          },
          {
            "timestamp": "2026-04-27 21:06:12,432",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3314
          },
          {
            "timestamp": "2026-04-27 21:06:12,432",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3315
          },
          {
            "timestamp": "2026-04-27 21:06:12,432",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3316
          },
          {
            "timestamp": "2026-04-27 21:06:12,494",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3317
          },
          {
            "timestamp": "2026-04-27 21:06:12,494",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3318
          },
          {
            "timestamp": "2026-04-27 21:06:12,494",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3319
          },
          {
            "timestamp": "2026-04-27 21:06:12,572",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3320
          },
          {
            "timestamp": "2026-04-27 21:06:12,572",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3321
          },
          {
            "timestamp": "2026-04-27 21:06:12,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3322
          },
          {
            "timestamp": "2026-04-27 21:06:12,635",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3323
          },
          {
            "timestamp": "2026-04-27 21:06:12,635",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3324
          },
          {
            "timestamp": "2026-04-27 21:06:12,635",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3325
          },
          {
            "timestamp": "2026-04-27 21:06:12,635",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3326
          },
          {
            "timestamp": "2026-04-27 21:06:12,635",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3327
          },
          {
            "timestamp": "2026-04-27 21:06:12,697",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3328
          },
          {
            "timestamp": "2026-04-27 21:06:12,697",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3329
          },
          {
            "timestamp": "2026-04-27 21:06:12,697",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3330
          },
          {
            "timestamp": "2026-04-27 21:06:12,775",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3331
          },
          {
            "timestamp": "2026-04-27 21:06:12,775",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3332
          },
          {
            "timestamp": "2026-04-27 21:06:12,775",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3333
          },
          {
            "timestamp": "2026-04-27 21:06:12,838",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3334
          },
          {
            "timestamp": "2026-04-27 21:06:12,838",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3335
          },
          {
            "timestamp": "2026-04-27 21:06:12,838",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3336
          },
          {
            "timestamp": "2026-04-27 21:06:12,900",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3337
          },
          {
            "timestamp": "2026-04-27 21:06:12,900",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3338
          },
          {
            "timestamp": "2026-04-27 21:06:12,900",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3339
          },
          {
            "timestamp": "2026-04-27 21:06:12,963",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3340
          },
          {
            "timestamp": "2026-04-27 21:06:12,963",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3341
          },
          {
            "timestamp": "2026-04-27 21:06:12,963",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3342
          },
          {
            "timestamp": "2026-04-27 21:06:13,041",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3343
          },
          {
            "timestamp": "2026-04-27 21:06:13,041",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3344
          },
          {
            "timestamp": "2026-04-27 21:06:13,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3345
          },
          {
            "timestamp": "2026-04-27 21:06:13,072",
            "thread_id": "7312",
            "caller": "0x0864bfc4",
            "parentcaller": "0x0864beb7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06eb7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3346
          },
          {
            "timestamp": "2026-04-27 21:06:13,072",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3347
          },
          {
            "timestamp": "2026-04-27 21:06:13,072",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3348
          },
          {
            "timestamp": "2026-04-27 21:06:13,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3349
          },
          {
            "timestamp": "2026-04-27 21:06:13,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3350
          },
          {
            "timestamp": "2026-04-27 21:06:13,103",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3351
          },
          {
            "timestamp": "2026-04-27 21:06:13,135",
            "thread_id": "6988",
            "caller": "0x710a0830",
            "parentcaller": "0x71093611",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1548"
              }
            ],
            "repeated": 0,
            "id": 3352
          },
          {
            "timestamp": "2026-04-27 21:06:13,135",
            "thread_id": "2068",
            "caller": "0x077f18e0",
            "parentcaller": "0x0864c324",
            "category": "network",
            "api": "DnsQuery_A",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "nnzn.sa.com"
              },
              {
                "name": "Type",
                "value": "1"
              },
              {
                "name": "Options",
                "value": "0x00000048"
              }
            ],
            "repeated": 0,
            "id": 3353
          },
          {
            "timestamp": "2026-04-27 21:06:13,135",
            "thread_id": "2068",
            "caller": "0x077f1998",
            "parentcaller": "0x0864d998",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x0000060c",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1548"
              }
            ],
            "repeated": 0,
            "id": 3354
          },
          {
            "timestamp": "2026-04-27 21:06:13,135",
            "thread_id": "2068",
            "caller": "0x077f0a53",
            "parentcaller": "0x0864c650",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1548"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3355
          },
          {
            "timestamp": "2026-04-27 21:06:13,135",
            "thread_id": "2068",
            "caller": "0x077f2a15",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1548"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3356
          },
          {
            "timestamp": "2026-04-27 21:06:13,135",
            "thread_id": "2068",
            "caller": "0x0864da34",
            "parentcaller": "0x0864c650",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000060c"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xcc\\x04\\x00\\x00\\x9a\\xda\\xa9s"
              }
            ],
            "repeated": 0,
            "id": 3357
          },
          {
            "timestamp": "2026-04-27 21:06:13,135",
            "thread_id": "2068",
            "caller": "0x0292acfb",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1548"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "104.21.33.27"
              },
              {
                "name": "port",
                "value": "443"
              }
            ],
            "repeated": 0,
            "id": 3358
          },
          {
            "timestamp": "2026-04-27 21:06:13,135",
            "thread_id": "2068",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 3359
          },
          {
            "timestamp": "2026-04-27 21:06:13,135",
            "thread_id": "7312",
            "caller": "0x737e55cd",
            "parentcaller": "0x7380b77c",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3360
          },
          {
            "timestamp": "2026-04-27 21:06:13,135",
            "thread_id": "6988",
            "caller": "0x7726269a",
            "parentcaller": "0x7108b4f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 3361
          },
          {
            "timestamp": "2026-04-27 21:06:13,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3362
          },
          {
            "timestamp": "2026-04-27 21:06:13,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3363
          },
          {
            "timestamp": "2026-04-27 21:06:13,182",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3364
          },
          {
            "timestamp": "2026-04-27 21:06:13,182",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3365
          },
          {
            "timestamp": "2026-04-27 21:06:13,182",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3366
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "2068",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 3367
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3368
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3369
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "1796",
            "caller": "0x77276987",
            "parentcaller": "0x76ad0f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000061c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7394890c"
              },
              {
                "name": "Parameter",
                "value": "0x00aef8d0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "3892"
              },
              {
                "name": "ProcessId",
                "value": "6648"
              },
              {
                "name": "Module",
                "value": "mscorwks.dll"
              }
            ],
            "repeated": 0,
            "id": 3370
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "1796",
            "caller": "0x77276987",
            "parentcaller": "0x76ad0f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x0000061c",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x7394890c"
              },
              {
                "name": "ModuleName",
                "value": "mscorwks.dll"
              },
              {
                "name": "Parameter",
                "value": "0x00aef8d0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "3892"
              }
            ],
            "repeated": 0,
            "id": 3371
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "1796",
            "caller": "0x7727d303",
            "parentcaller": "0x7386ba5f",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000061c"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "3892"
              },
              {
                "name": "ProcessId",
                "value": "6648"
              }
            ],
            "repeated": 0,
            "id": 3372
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "1796",
            "caller": "0x077f2bf3",
            "parentcaller": "0x00000000",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1548"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00007010"
              },
              {
                "name": "optval",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3373
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "1796",
            "caller": "0x0864e067",
            "parentcaller": "0x0864dfda",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3374
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0cc",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 3375
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0df",
            "category": "misc",
            "api": "GetUserNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Name",
                "value": "cape"
              }
            ],
            "repeated": 0,
            "id": 3376
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "72"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3377
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3"
              },
              {
                "name": "Length",
                "value": "16"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3378
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "1796",
            "caller": "0x077f2dec",
            "parentcaller": "0x0864ed7a",
            "category": "network",
            "api": "WSASend",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Socket",
                "value": "1548"
              },
              {
                "name": "Buffer",
                "value": "@\\x00\\x00\\x00m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c"
              }
            ],
            "repeated": 0,
            "id": 3379
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "1796",
            "caller": "0x077f2ee0",
            "parentcaller": "0x0864edcf",
            "category": "network",
            "api": "WSARecv",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1548"
              }
            ],
            "repeated": 0,
            "id": 3380
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "3892",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d25000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3381
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "3892",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x00d27000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3382
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "1796",
            "caller": "0x0290a7be",
            "parentcaller": "0x0864f1bd",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1548"
              }
            ],
            "repeated": 0,
            "id": 3383
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "3892",
            "caller": "0x77e7138f",
            "parentcaller": "0x77e7110a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              }
            ],
            "repeated": 0,
            "id": 3384
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "3892",
            "caller": "0x77e713ac",
            "parentcaller": "0x77e7110a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "ResourcePolicies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies"
              }
            ],
            "repeated": 0,
            "id": 3385
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "3892",
            "caller": "0x77e713c2",
            "parentcaller": "0x77e7110a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 3386
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "3892",
            "caller": "0x77e6f04b",
            "parentcaller": "0x77e6ef40",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08c70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3387
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "3892",
            "caller": "0x77e6f092",
            "parentcaller": "0x77e6ef40",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08c70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3388
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "3892",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02875000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3389
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "3892",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02877000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3390
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "3892",
            "caller": "0x77e7138f",
            "parentcaller": "0x77e7110a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              }
            ],
            "repeated": 0,
            "id": 3391
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "3892",
            "caller": "0x77e713ac",
            "parentcaller": "0x77e7110a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "ResourcePolicies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies"
              }
            ],
            "repeated": 0,
            "id": 3392
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "3892",
            "caller": "0x77e713c2",
            "parentcaller": "0x77e7110a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 3393
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "3892",
            "caller": "0x77e6f04b",
            "parentcaller": "0x77e6ef40",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08c80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3394
          },
          {
            "timestamp": "2026-04-27 21:06:13,213",
            "thread_id": "3892",
            "caller": "0x77e6f092",
            "parentcaller": "0x77e6ef40",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08c80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3395
          },
          {
            "timestamp": "2026-04-27 21:06:13,228",
            "thread_id": "3892",
            "caller": "0x7726f231",
            "parentcaller": "0x73742c18",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 2,
            "id": 3396
          },
          {
            "timestamp": "2026-04-27 21:06:13,228",
            "thread_id": "3892",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3397
          },
          {
            "timestamp": "2026-04-27 21:06:13,228",
            "thread_id": "3892",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 3398
          },
          {
            "timestamp": "2026-04-27 21:06:13,228",
            "thread_id": "3892",
            "caller": "0x7386aa35",
            "parentcaller": "0x7386aa9a",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3399
          },
          {
            "timestamp": "2026-04-27 21:06:13,228",
            "thread_id": "3892",
            "caller": "0x772761f1",
            "parentcaller": "0x7386ab1a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b71000"
              },
              {
                "name": "RegionSize",
                "value": "0x000fa000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3400
          },
          {
            "timestamp": "2026-04-27 21:06:13,244",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3401
          },
          {
            "timestamp": "2026-04-27 21:06:13,244",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3402
          },
          {
            "timestamp": "2026-04-27 21:06:13,244",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 3403
          },
          {
            "timestamp": "2026-04-27 21:06:13,244",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3404
          },
          {
            "timestamp": "2026-04-27 21:06:13,244",
            "thread_id": "7312",
            "caller": "0x737e55cd",
            "parentcaller": "0x7380b77c",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3405
          },
          {
            "timestamp": "2026-04-27 21:06:13,244",
            "thread_id": "1796",
            "caller": "0x0864f527",
            "parentcaller": "0x0864f343",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0293b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3406
          },
          {
            "timestamp": "2026-04-27 21:06:13,244",
            "thread_id": "1796",
            "caller": "0x0290bbbb",
            "parentcaller": "0x051ed61d",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00030190"
              },
              {
                "name": "Message",
                "value": "0x0000c1b0"
              }
            ],
            "repeated": 0,
            "id": 3407
          },
          {
            "timestamp": "2026-04-27 21:06:13,244",
            "thread_id": "1796",
            "caller": "0x0290b109",
            "parentcaller": "0x051ed61d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003c4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\x8d\\x00\\xf8\\x19\\x00\\x00,\\x1a\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6700"
              }
            ],
            "repeated": 0,
            "id": 3408
          },
          {
            "timestamp": "2026-04-27 21:06:13,244",
            "thread_id": "2068",
            "caller": "0x0864f6d8",
            "parentcaller": "0x0864f6ae",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3409
          },
          {
            "timestamp": "2026-04-27 21:06:13,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3410
          },
          {
            "timestamp": "2026-04-27 21:06:13,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3411
          },
          {
            "timestamp": "2026-04-27 21:06:13,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3412
          },
          {
            "timestamp": "2026-04-27 21:06:13,291",
            "thread_id": "2276",
            "caller": "0x77eab5a6",
            "parentcaller": "0x77e760fc",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2276"
              }
            ],
            "repeated": 0,
            "id": 3413
          },
          {
            "timestamp": "2026-04-27 21:06:13,291",
            "thread_id": "2276",
            "caller": "0x77eab5c9",
            "parentcaller": "0x77e760fc",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3414
          },
          {
            "timestamp": "2026-04-27 21:06:13,291",
            "thread_id": "3172",
            "caller": "0x77eab5a6",
            "parentcaller": "0x77e760fc",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3172"
              }
            ],
            "repeated": 0,
            "id": 3415
          },
          {
            "timestamp": "2026-04-27 21:06:13,291",
            "thread_id": "3172",
            "caller": "0x77eab5c9",
            "parentcaller": "0x77e760fc",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3416
          },
          {
            "timestamp": "2026-04-27 21:06:13,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3417
          },
          {
            "timestamp": "2026-04-27 21:06:13,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3418
          },
          {
            "timestamp": "2026-04-27 21:06:13,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3419
          },
          {
            "timestamp": "2026-04-27 21:06:13,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3420
          },
          {
            "timestamp": "2026-04-27 21:06:13,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3421
          },
          {
            "timestamp": "2026-04-27 21:06:13,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3422
          },
          {
            "timestamp": "2026-04-27 21:06:13,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3423
          },
          {
            "timestamp": "2026-04-27 21:06:13,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3424
          },
          {
            "timestamp": "2026-04-27 21:06:13,463",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3425
          },
          {
            "timestamp": "2026-04-27 21:06:13,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3426
          },
          {
            "timestamp": "2026-04-27 21:06:13,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3427
          },
          {
            "timestamp": "2026-04-27 21:06:13,525",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3428
          },
          {
            "timestamp": "2026-04-27 21:06:13,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3429
          },
          {
            "timestamp": "2026-04-27 21:06:13,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3430
          },
          {
            "timestamp": "2026-04-27 21:06:13,588",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3431
          },
          {
            "timestamp": "2026-04-27 21:06:13,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3432
          },
          {
            "timestamp": "2026-04-27 21:06:13,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3433
          },
          {
            "timestamp": "2026-04-27 21:06:13,650",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3434
          },
          {
            "timestamp": "2026-04-27 21:06:13,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3435
          },
          {
            "timestamp": "2026-04-27 21:06:13,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3436
          },
          {
            "timestamp": "2026-04-27 21:06:13,713",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3437
          },
          {
            "timestamp": "2026-04-27 21:06:13,728",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3438
          },
          {
            "timestamp": "2026-04-27 21:06:13,728",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3439
          },
          {
            "timestamp": "2026-04-27 21:06:13,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3440
          },
          {
            "timestamp": "2026-04-27 21:06:13,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3441
          },
          {
            "timestamp": "2026-04-27 21:06:13,775",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3442
          },
          {
            "timestamp": "2026-04-27 21:06:13,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3443
          },
          {
            "timestamp": "2026-04-27 21:06:13,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3444
          },
          {
            "timestamp": "2026-04-27 21:06:13,838",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3445
          },
          {
            "timestamp": "2026-04-27 21:06:13,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3446
          },
          {
            "timestamp": "2026-04-27 21:06:13,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3447
          },
          {
            "timestamp": "2026-04-27 21:06:13,900",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3448
          },
          {
            "timestamp": "2026-04-27 21:06:13,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3449
          },
          {
            "timestamp": "2026-04-27 21:06:13,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3450
          },
          {
            "timestamp": "2026-04-27 21:06:13,963",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3451
          },
          {
            "timestamp": "2026-04-27 21:06:14,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3452
          },
          {
            "timestamp": "2026-04-27 21:06:14,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3453
          },
          {
            "timestamp": "2026-04-27 21:06:14,025",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3454
          },
          {
            "timestamp": "2026-04-27 21:06:14,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3455
          },
          {
            "timestamp": "2026-04-27 21:06:14,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3456
          },
          {
            "timestamp": "2026-04-27 21:06:14,088",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3457
          },
          {
            "timestamp": "2026-04-27 21:06:14,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3458
          },
          {
            "timestamp": "2026-04-27 21:06:14,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3459
          },
          {
            "timestamp": "2026-04-27 21:06:14,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3460
          },
          {
            "timestamp": "2026-04-27 21:06:14,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3461
          },
          {
            "timestamp": "2026-04-27 21:06:14,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3462
          },
          {
            "timestamp": "2026-04-27 21:06:14,213",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "31"
              }
            ],
            "repeated": 0,
            "id": 3463
          },
          {
            "timestamp": "2026-04-27 21:06:14,244",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3464
          },
          {
            "timestamp": "2026-04-27 21:06:14,244",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3465
          },
          {
            "timestamp": "2026-04-27 21:06:14,260",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 3466
          },
          {
            "timestamp": "2026-04-27 21:06:14,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3467
          },
          {
            "timestamp": "2026-04-27 21:06:14,260",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3468
          },
          {
            "timestamp": "2026-04-27 21:06:14,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3469
          },
          {
            "timestamp": "2026-04-27 21:06:14,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3470
          },
          {
            "timestamp": "2026-04-27 21:06:14,275",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3471
          },
          {
            "timestamp": "2026-04-27 21:06:14,353",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3472
          },
          {
            "timestamp": "2026-04-27 21:06:14,353",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3473
          },
          {
            "timestamp": "2026-04-27 21:06:14,353",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3474
          },
          {
            "timestamp": "2026-04-27 21:06:14,416",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3475
          },
          {
            "timestamp": "2026-04-27 21:06:14,416",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3476
          },
          {
            "timestamp": "2026-04-27 21:06:14,416",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3477
          },
          {
            "timestamp": "2026-04-27 21:06:14,478",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3478
          },
          {
            "timestamp": "2026-04-27 21:06:14,478",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3479
          },
          {
            "timestamp": "2026-04-27 21:06:14,478",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3480
          },
          {
            "timestamp": "2026-04-27 21:06:14,541",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3481
          },
          {
            "timestamp": "2026-04-27 21:06:14,541",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3482
          },
          {
            "timestamp": "2026-04-27 21:06:14,541",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3483
          },
          {
            "timestamp": "2026-04-27 21:06:14,603",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3484
          },
          {
            "timestamp": "2026-04-27 21:06:14,603",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3485
          },
          {
            "timestamp": "2026-04-27 21:06:14,603",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3486
          },
          {
            "timestamp": "2026-04-27 21:06:14,666",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3487
          },
          {
            "timestamp": "2026-04-27 21:06:14,666",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3488
          },
          {
            "timestamp": "2026-04-27 21:06:14,666",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3489
          },
          {
            "timestamp": "2026-04-27 21:06:14,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3490
          },
          {
            "timestamp": "2026-04-27 21:06:14,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3491
          },
          {
            "timestamp": "2026-04-27 21:06:14,744",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3492
          },
          {
            "timestamp": "2026-04-27 21:06:14,760",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3493
          },
          {
            "timestamp": "2026-04-27 21:06:14,760",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3494
          },
          {
            "timestamp": "2026-04-27 21:06:14,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3495
          },
          {
            "timestamp": "2026-04-27 21:06:14,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3496
          },
          {
            "timestamp": "2026-04-27 21:06:14,807",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3497
          },
          {
            "timestamp": "2026-04-27 21:06:14,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3498
          },
          {
            "timestamp": "2026-04-27 21:06:14,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3499
          },
          {
            "timestamp": "2026-04-27 21:06:14,869",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3500
          },
          {
            "timestamp": "2026-04-27 21:06:14,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3501
          },
          {
            "timestamp": "2026-04-27 21:06:14,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3502
          },
          {
            "timestamp": "2026-04-27 21:06:14,947",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3503
          },
          {
            "timestamp": "2026-04-27 21:06:15,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3504
          },
          {
            "timestamp": "2026-04-27 21:06:15,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3505
          },
          {
            "timestamp": "2026-04-27 21:06:15,025",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 3506
          },
          {
            "timestamp": "2026-04-27 21:06:15,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3507
          },
          {
            "timestamp": "2026-04-27 21:06:15,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3508
          },
          {
            "timestamp": "2026-04-27 21:06:15,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3509
          },
          {
            "timestamp": "2026-04-27 21:06:15,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3510
          },
          {
            "timestamp": "2026-04-27 21:06:15,166",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3511
          },
          {
            "timestamp": "2026-04-27 21:06:15,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3512
          },
          {
            "timestamp": "2026-04-27 21:06:15,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3513
          },
          {
            "timestamp": "2026-04-27 21:06:15,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "16"
              }
            ],
            "repeated": 0,
            "id": 3514
          },
          {
            "timestamp": "2026-04-27 21:06:15,275",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 3515
          },
          {
            "timestamp": "2026-04-27 21:06:15,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3516
          },
          {
            "timestamp": "2026-04-27 21:06:15,275",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "19"
              }
            ],
            "repeated": 0,
            "id": 3517
          },
          {
            "timestamp": "2026-04-27 21:06:15,275",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3518
          },
          {
            "timestamp": "2026-04-27 21:06:15,275",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3519
          },
          {
            "timestamp": "2026-04-27 21:06:15,307",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3520
          },
          {
            "timestamp": "2026-04-27 21:06:15,307",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3521
          },
          {
            "timestamp": "2026-04-27 21:06:15,307",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3522
          },
          {
            "timestamp": "2026-04-27 21:06:15,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3523
          },
          {
            "timestamp": "2026-04-27 21:06:15,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3524
          },
          {
            "timestamp": "2026-04-27 21:06:15,369",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3525
          },
          {
            "timestamp": "2026-04-27 21:06:15,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3526
          },
          {
            "timestamp": "2026-04-27 21:06:15,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3527
          },
          {
            "timestamp": "2026-04-27 21:06:15,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3528
          },
          {
            "timestamp": "2026-04-27 21:06:15,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3529
          },
          {
            "timestamp": "2026-04-27 21:06:15,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3530
          },
          {
            "timestamp": "2026-04-27 21:06:15,510",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 3531
          },
          {
            "timestamp": "2026-04-27 21:06:15,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3532
          },
          {
            "timestamp": "2026-04-27 21:06:15,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3533
          },
          {
            "timestamp": "2026-04-27 21:06:15,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3534
          },
          {
            "timestamp": "2026-04-27 21:06:15,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3535
          },
          {
            "timestamp": "2026-04-27 21:06:15,635",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3536
          },
          {
            "timestamp": "2026-04-27 21:06:15,697",
            "thread_id": "7312",
            "caller": "0x051eb1f3",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x056f2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3537
          },
          {
            "timestamp": "2026-04-27 21:06:15,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3538
          },
          {
            "timestamp": "2026-04-27 21:06:15,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3539
          },
          {
            "timestamp": "2026-04-27 21:06:15,697",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3540
          },
          {
            "timestamp": "2026-04-27 21:06:15,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3541
          },
          {
            "timestamp": "2026-04-27 21:06:15,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3542
          },
          {
            "timestamp": "2026-04-27 21:06:15,775",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3543
          },
          {
            "timestamp": "2026-04-27 21:06:15,807",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3544
          },
          {
            "timestamp": "2026-04-27 21:06:15,807",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3545
          },
          {
            "timestamp": "2026-04-27 21:06:15,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3546
          },
          {
            "timestamp": "2026-04-27 21:06:15,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3547
          },
          {
            "timestamp": "2026-04-27 21:06:15,838",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3548
          },
          {
            "timestamp": "2026-04-27 21:06:15,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3549
          },
          {
            "timestamp": "2026-04-27 21:06:15,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3550
          },
          {
            "timestamp": "2026-04-27 21:06:15,900",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3551
          },
          {
            "timestamp": "2026-04-27 21:06:15,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3552
          },
          {
            "timestamp": "2026-04-27 21:06:15,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3553
          },
          {
            "timestamp": "2026-04-27 21:06:15,963",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3554
          },
          {
            "timestamp": "2026-04-27 21:06:16,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3555
          },
          {
            "timestamp": "2026-04-27 21:06:16,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3556
          },
          {
            "timestamp": "2026-04-27 21:06:16,025",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3557
          },
          {
            "timestamp": "2026-04-27 21:06:16,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3558
          },
          {
            "timestamp": "2026-04-27 21:06:16,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3559
          },
          {
            "timestamp": "2026-04-27 21:06:16,088",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3560
          },
          {
            "timestamp": "2026-04-27 21:06:16,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3561
          },
          {
            "timestamp": "2026-04-27 21:06:16,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3562
          },
          {
            "timestamp": "2026-04-27 21:06:16,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3563
          },
          {
            "timestamp": "2026-04-27 21:06:16,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3564
          },
          {
            "timestamp": "2026-04-27 21:06:16,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3565
          },
          {
            "timestamp": "2026-04-27 21:06:16,213",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 3566
          },
          {
            "timestamp": "2026-04-27 21:06:16,291",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 3567
          },
          {
            "timestamp": "2026-04-27 21:06:16,291",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3568
          },
          {
            "timestamp": "2026-04-27 21:06:16,385",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3569
          },
          {
            "timestamp": "2026-04-27 21:06:16,385",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3570
          },
          {
            "timestamp": "2026-04-27 21:06:16,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3571
          },
          {
            "timestamp": "2026-04-27 21:06:16,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3572
          },
          {
            "timestamp": "2026-04-27 21:06:16,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3573
          },
          {
            "timestamp": "2026-04-27 21:06:16,478",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3574
          },
          {
            "timestamp": "2026-04-27 21:06:16,478",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3575
          },
          {
            "timestamp": "2026-04-27 21:06:16,478",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3576
          },
          {
            "timestamp": "2026-04-27 21:06:16,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3577
          },
          {
            "timestamp": "2026-04-27 21:06:16,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3578
          },
          {
            "timestamp": "2026-04-27 21:06:16,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3579
          },
          {
            "timestamp": "2026-04-27 21:06:16,666",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3580
          },
          {
            "timestamp": "2026-04-27 21:06:16,666",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3581
          },
          {
            "timestamp": "2026-04-27 21:06:16,666",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3582
          },
          {
            "timestamp": "2026-04-27 21:06:16,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3583
          },
          {
            "timestamp": "2026-04-27 21:06:16,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3584
          },
          {
            "timestamp": "2026-04-27 21:06:16,728",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3585
          },
          {
            "timestamp": "2026-04-27 21:06:16,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3586
          },
          {
            "timestamp": "2026-04-27 21:06:16,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3587
          },
          {
            "timestamp": "2026-04-27 21:06:16,807",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3588
          },
          {
            "timestamp": "2026-04-27 21:06:16,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3589
          },
          {
            "timestamp": "2026-04-27 21:06:16,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3590
          },
          {
            "timestamp": "2026-04-27 21:06:16,900",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3591
          },
          {
            "timestamp": "2026-04-27 21:06:16,916",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3592
          },
          {
            "timestamp": "2026-04-27 21:06:16,916",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3593
          },
          {
            "timestamp": "2026-04-27 21:06:16,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3594
          },
          {
            "timestamp": "2026-04-27 21:06:16,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3595
          },
          {
            "timestamp": "2026-04-27 21:06:16,963",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3596
          },
          {
            "timestamp": "2026-04-27 21:06:17,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3597
          },
          {
            "timestamp": "2026-04-27 21:06:17,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3598
          },
          {
            "timestamp": "2026-04-27 21:06:17,025",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3599
          },
          {
            "timestamp": "2026-04-27 21:06:17,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3600
          },
          {
            "timestamp": "2026-04-27 21:06:17,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3601
          },
          {
            "timestamp": "2026-04-27 21:06:17,088",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3602
          },
          {
            "timestamp": "2026-04-27 21:06:17,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3603
          },
          {
            "timestamp": "2026-04-27 21:06:17,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3604
          },
          {
            "timestamp": "2026-04-27 21:06:17,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3605
          },
          {
            "timestamp": "2026-04-27 21:06:17,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3606
          },
          {
            "timestamp": "2026-04-27 21:06:17,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3607
          },
          {
            "timestamp": "2026-04-27 21:06:17,213",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3608
          },
          {
            "timestamp": "2026-04-27 21:06:17,260",
            "thread_id": "2068",
            "caller": "0x0864bfc4",
            "parentcaller": "0x0864beb7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06ed7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3609
          },
          {
            "timestamp": "2026-04-27 21:06:17,260",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3610
          },
          {
            "timestamp": "2026-04-27 21:06:17,260",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3611
          },
          {
            "timestamp": "2026-04-27 21:06:17,275",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3612
          },
          {
            "timestamp": "2026-04-27 21:06:17,275",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3613
          },
          {
            "timestamp": "2026-04-27 21:06:17,275",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "16"
              }
            ],
            "repeated": 0,
            "id": 3614
          },
          {
            "timestamp": "2026-04-27 21:06:17,307",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 3615
          },
          {
            "timestamp": "2026-04-27 21:06:17,307",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3616
          },
          {
            "timestamp": "2026-04-27 21:06:17,307",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18"
              }
            ],
            "repeated": 0,
            "id": 3617
          },
          {
            "timestamp": "2026-04-27 21:06:17,322",
            "thread_id": "6988",
            "caller": "0x710a0830",
            "parentcaller": "0x71093611",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1576"
              }
            ],
            "repeated": 0,
            "id": 3618
          },
          {
            "timestamp": "2026-04-27 21:06:17,322",
            "thread_id": "7312",
            "caller": "0x077f18e0",
            "parentcaller": "0x0864c324",
            "category": "network",
            "api": "DnsQuery_A",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "nnzn.sa.com"
              },
              {
                "name": "Type",
                "value": "1"
              },
              {
                "name": "Options",
                "value": "0x00000048"
              }
            ],
            "repeated": 0,
            "id": 3619
          },
          {
            "timestamp": "2026-04-27 21:06:17,322",
            "thread_id": "7312",
            "caller": "0x077f1998",
            "parentcaller": "0x0864d998",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x0000062c",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1580"
              }
            ],
            "repeated": 0,
            "id": 3620
          },
          {
            "timestamp": "2026-04-27 21:06:17,322",
            "thread_id": "7312",
            "caller": "0x077f0a53",
            "parentcaller": "0x0864c650",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1580"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3621
          },
          {
            "timestamp": "2026-04-27 21:06:17,322",
            "thread_id": "7312",
            "caller": "0x077f2a15",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1580"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3622
          },
          {
            "timestamp": "2026-04-27 21:06:17,322",
            "thread_id": "7312",
            "caller": "0x0864da34",
            "parentcaller": "0x0864c650",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000062c"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xcc\\x04\\x00\\x00\\x9a\\xda\\xa9s"
              }
            ],
            "repeated": 0,
            "id": 3623
          },
          {
            "timestamp": "2026-04-27 21:06:17,322",
            "thread_id": "7312",
            "caller": "0x0292acfb",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1580"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "172.67.140.186"
              },
              {
                "name": "port",
                "value": "443"
              }
            ],
            "repeated": 0,
            "id": 3624
          },
          {
            "timestamp": "2026-04-27 21:06:17,322",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 3625
          },
          {
            "timestamp": "2026-04-27 21:06:17,322",
            "thread_id": "2068",
            "caller": "0x737e55cd",
            "parentcaller": "0x7380b77c",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3626
          },
          {
            "timestamp": "2026-04-27 21:06:17,322",
            "thread_id": "6988",
            "caller": "0x7726269a",
            "parentcaller": "0x7108b4f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 3627
          },
          {
            "timestamp": "2026-04-27 21:06:17,322",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3628
          },
          {
            "timestamp": "2026-04-27 21:06:17,322",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3629
          },
          {
            "timestamp": "2026-04-27 21:06:17,338",
            "thread_id": "1796",
            "caller": "0x077f2bf3",
            "parentcaller": "0x00000000",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1580"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00007010"
              },
              {
                "name": "optval",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3630
          },
          {
            "timestamp": "2026-04-27 21:06:17,338",
            "thread_id": "1796",
            "caller": "0x0864e067",
            "parentcaller": "0x0864dfda",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3631
          },
          {
            "timestamp": "2026-04-27 21:06:17,338",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0cc",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 3632
          },
          {
            "timestamp": "2026-04-27 21:06:17,338",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0df",
            "category": "misc",
            "api": "GetUserNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Name",
                "value": "cape"
              }
            ],
            "repeated": 0,
            "id": 3633
          },
          {
            "timestamp": "2026-04-27 21:06:17,338",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "72"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3634
          },
          {
            "timestamp": "2026-04-27 21:06:17,338",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3"
              },
              {
                "name": "Length",
                "value": "16"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3635
          },
          {
            "timestamp": "2026-04-27 21:06:17,338",
            "thread_id": "1796",
            "caller": "0x077f2dec",
            "parentcaller": "0x0864ed7a",
            "category": "network",
            "api": "WSASend",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Socket",
                "value": "1580"
              },
              {
                "name": "Buffer",
                "value": "@\\x00\\x00\\x00m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c"
              }
            ],
            "repeated": 0,
            "id": 3636
          },
          {
            "timestamp": "2026-04-27 21:06:17,338",
            "thread_id": "1796",
            "caller": "0x077f2ee0",
            "parentcaller": "0x0864edcf",
            "category": "network",
            "api": "WSARecv",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1580"
              }
            ],
            "repeated": 0,
            "id": 3637
          },
          {
            "timestamp": "2026-04-27 21:06:17,338",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3638
          },
          {
            "timestamp": "2026-04-27 21:06:17,338",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3639
          },
          {
            "timestamp": "2026-04-27 21:06:17,338",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3640
          },
          {
            "timestamp": "2026-04-27 21:06:17,338",
            "thread_id": "3892",
            "caller": "0x772765db",
            "parentcaller": "0x73947ec0",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000061c"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xf0\\x90\\x00\\xf8\\x19\\x00\\x004\\x0f\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3892"
              }
            ],
            "repeated": 0,
            "id": 3641
          },
          {
            "timestamp": "2026-04-27 21:06:17,338",
            "thread_id": "3892",
            "caller": "0x0290a7be",
            "parentcaller": "0x0864f1bd",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1580"
              }
            ],
            "repeated": 0,
            "id": 3642
          },
          {
            "timestamp": "2026-04-27 21:06:17,338",
            "thread_id": "3892",
            "caller": "0x0290bbbb",
            "parentcaller": "0x051ed61d",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00030190"
              },
              {
                "name": "Message",
                "value": "0x0000c1b0"
              }
            ],
            "repeated": 0,
            "id": 3643
          },
          {
            "timestamp": "2026-04-27 21:06:17,338",
            "thread_id": "3892",
            "caller": "0x0290b109",
            "parentcaller": "0x051ed61d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003c4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\x8d\\x00\\xf8\\x19\\x00\\x00,\\x1a\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6700"
              }
            ],
            "repeated": 0,
            "id": 3644
          },
          {
            "timestamp": "2026-04-27 21:06:17,338",
            "thread_id": "2068",
            "caller": "0x0864f6d8",
            "parentcaller": "0x0864f6ae",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3645
          },
          {
            "timestamp": "2026-04-27 21:06:17,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3646
          },
          {
            "timestamp": "2026-04-27 21:06:17,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3647
          },
          {
            "timestamp": "2026-04-27 21:06:17,400",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3648
          },
          {
            "timestamp": "2026-04-27 21:06:17,400",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3649
          },
          {
            "timestamp": "2026-04-27 21:06:17,400",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3650
          },
          {
            "timestamp": "2026-04-27 21:06:17,432",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3651
          },
          {
            "timestamp": "2026-04-27 21:06:17,432",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3652
          },
          {
            "timestamp": "2026-04-27 21:06:17,463",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3653
          },
          {
            "timestamp": "2026-04-27 21:06:17,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3654
          },
          {
            "timestamp": "2026-04-27 21:06:17,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3655
          },
          {
            "timestamp": "2026-04-27 21:06:17,541",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3656
          },
          {
            "timestamp": "2026-04-27 21:06:17,541",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3657
          },
          {
            "timestamp": "2026-04-27 21:06:17,541",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3658
          },
          {
            "timestamp": "2026-04-27 21:06:17,603",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3659
          },
          {
            "timestamp": "2026-04-27 21:06:17,603",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3660
          },
          {
            "timestamp": "2026-04-27 21:06:17,603",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3661
          },
          {
            "timestamp": "2026-04-27 21:06:17,666",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3662
          },
          {
            "timestamp": "2026-04-27 21:06:17,666",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3663
          },
          {
            "timestamp": "2026-04-27 21:06:17,666",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3664
          },
          {
            "timestamp": "2026-04-27 21:06:17,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3665
          },
          {
            "timestamp": "2026-04-27 21:06:17,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3666
          },
          {
            "timestamp": "2026-04-27 21:06:17,728",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3667
          },
          {
            "timestamp": "2026-04-27 21:06:17,791",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3668
          },
          {
            "timestamp": "2026-04-27 21:06:17,791",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3669
          },
          {
            "timestamp": "2026-04-27 21:06:17,791",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3670
          },
          {
            "timestamp": "2026-04-27 21:06:17,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3671
          },
          {
            "timestamp": "2026-04-27 21:06:17,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3672
          },
          {
            "timestamp": "2026-04-27 21:06:17,853",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3673
          },
          {
            "timestamp": "2026-04-27 21:06:17,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3674
          },
          {
            "timestamp": "2026-04-27 21:06:17,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3675
          },
          {
            "timestamp": "2026-04-27 21:06:17,916",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3676
          },
          {
            "timestamp": "2026-04-27 21:06:17,947",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3677
          },
          {
            "timestamp": "2026-04-27 21:06:17,947",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3678
          },
          {
            "timestamp": "2026-04-27 21:06:17,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3679
          },
          {
            "timestamp": "2026-04-27 21:06:17,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3680
          },
          {
            "timestamp": "2026-04-27 21:06:17,978",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3681
          },
          {
            "timestamp": "2026-04-27 21:06:18,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3682
          },
          {
            "timestamp": "2026-04-27 21:06:18,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3683
          },
          {
            "timestamp": "2026-04-27 21:06:18,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3684
          },
          {
            "timestamp": "2026-04-27 21:06:18,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3685
          },
          {
            "timestamp": "2026-04-27 21:06:18,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3686
          },
          {
            "timestamp": "2026-04-27 21:06:18,103",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3687
          },
          {
            "timestamp": "2026-04-27 21:06:18,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3688
          },
          {
            "timestamp": "2026-04-27 21:06:18,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3689
          },
          {
            "timestamp": "2026-04-27 21:06:18,166",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3690
          },
          {
            "timestamp": "2026-04-27 21:06:18,228",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3691
          },
          {
            "timestamp": "2026-04-27 21:06:18,228",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3692
          },
          {
            "timestamp": "2026-04-27 21:06:18,228",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3693
          },
          {
            "timestamp": "2026-04-27 21:06:18,291",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3694
          },
          {
            "timestamp": "2026-04-27 21:06:18,291",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3695
          },
          {
            "timestamp": "2026-04-27 21:06:18,291",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "16"
              }
            ],
            "repeated": 0,
            "id": 3696
          },
          {
            "timestamp": "2026-04-27 21:06:18,322",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 3697
          },
          {
            "timestamp": "2026-04-27 21:06:18,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3698
          },
          {
            "timestamp": "2026-04-27 21:06:18,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "19"
              }
            ],
            "repeated": 0,
            "id": 3699
          },
          {
            "timestamp": "2026-04-27 21:06:18,353",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3700
          },
          {
            "timestamp": "2026-04-27 21:06:18,353",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3701
          },
          {
            "timestamp": "2026-04-27 21:06:18,353",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3702
          },
          {
            "timestamp": "2026-04-27 21:06:18,416",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3703
          },
          {
            "timestamp": "2026-04-27 21:06:18,416",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3704
          },
          {
            "timestamp": "2026-04-27 21:06:18,416",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3705
          },
          {
            "timestamp": "2026-04-27 21:06:18,463",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3706
          },
          {
            "timestamp": "2026-04-27 21:06:18,463",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3707
          },
          {
            "timestamp": "2026-04-27 21:06:18,478",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3708
          },
          {
            "timestamp": "2026-04-27 21:06:18,478",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3709
          },
          {
            "timestamp": "2026-04-27 21:06:18,478",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3710
          },
          {
            "timestamp": "2026-04-27 21:06:18,541",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3711
          },
          {
            "timestamp": "2026-04-27 21:06:18,541",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3712
          },
          {
            "timestamp": "2026-04-27 21:06:18,541",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3713
          },
          {
            "timestamp": "2026-04-27 21:06:18,603",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3714
          },
          {
            "timestamp": "2026-04-27 21:06:18,603",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3715
          },
          {
            "timestamp": "2026-04-27 21:06:18,603",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3716
          },
          {
            "timestamp": "2026-04-27 21:06:18,666",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3717
          },
          {
            "timestamp": "2026-04-27 21:06:18,666",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3718
          },
          {
            "timestamp": "2026-04-27 21:06:18,666",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3719
          },
          {
            "timestamp": "2026-04-27 21:06:18,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3720
          },
          {
            "timestamp": "2026-04-27 21:06:18,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3721
          },
          {
            "timestamp": "2026-04-27 21:06:18,728",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3722
          },
          {
            "timestamp": "2026-04-27 21:06:18,791",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3723
          },
          {
            "timestamp": "2026-04-27 21:06:18,791",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3724
          },
          {
            "timestamp": "2026-04-27 21:06:18,791",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3725
          },
          {
            "timestamp": "2026-04-27 21:06:18,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3726
          },
          {
            "timestamp": "2026-04-27 21:06:18,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3727
          },
          {
            "timestamp": "2026-04-27 21:06:18,853",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3728
          },
          {
            "timestamp": "2026-04-27 21:06:18,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3729
          },
          {
            "timestamp": "2026-04-27 21:06:18,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3730
          },
          {
            "timestamp": "2026-04-27 21:06:18,916",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3731
          },
          {
            "timestamp": "2026-04-27 21:06:18,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3732
          },
          {
            "timestamp": "2026-04-27 21:06:18,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3733
          },
          {
            "timestamp": "2026-04-27 21:06:18,978",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3734
          },
          {
            "timestamp": "2026-04-27 21:06:19,010",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3735
          },
          {
            "timestamp": "2026-04-27 21:06:19,010",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3736
          },
          {
            "timestamp": "2026-04-27 21:06:19,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3737
          },
          {
            "timestamp": "2026-04-27 21:06:19,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3738
          },
          {
            "timestamp": "2026-04-27 21:06:19,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 2,
            "id": 3739
          },
          {
            "timestamp": "2026-04-27 21:06:19,213",
            "thread_id": "7312",
            "caller": "0x077f1658",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "K32EnumProcesses",
            "status": true,
            "return": "0x00000001",
            "arguments": [],
            "repeated": 0,
            "id": 3740
          },
          {
            "timestamp": "2026-04-27 21:06:19,213",
            "thread_id": "7312",
            "caller": "0x051eb184",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06ef7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3741
          },
          {
            "timestamp": "2026-04-27 21:06:19,213",
            "thread_id": "7312",
            "caller": "0x077f1717",
            "parentcaller": "0x051eb184",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": false,
            "return": "0xffffffffc0000004",
            "pretty_return": "INFO_LENGTH_MISMATCH",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              }
            ],
            "repeated": 0,
            "id": 3742
          },
          {
            "timestamp": "2026-04-27 21:06:19,213",
            "thread_id": "7312",
            "caller": "0x051eb184",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06f17000"
              },
              {
                "name": "RegionSize",
                "value": "0x00036000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3743
          },
          {
            "timestamp": "2026-04-27 21:06:19,213",
            "thread_id": "7312",
            "caller": "0x077f1717",
            "parentcaller": "0x051eb184",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "5",
                "pretty_value": "FILE_OVERWRITE_IF"
              }
            ],
            "repeated": 0,
            "id": 3744
          },
          {
            "timestamp": "2026-04-27 21:06:19,213",
            "thread_id": "7312",
            "caller": "0x051eb184",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05702000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3745
          },
          {
            "timestamp": "2026-04-27 21:06:19,213",
            "thread_id": "7312",
            "caller": "0x051eb184",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05712000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3746
          },
          {
            "timestamp": "2026-04-27 21:06:19,213",
            "thread_id": "7312",
            "caller": "0x051eb184",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05722000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3747
          },
          {
            "timestamp": "2026-04-27 21:06:19,213",
            "thread_id": "7312",
            "caller": "0x051eb184",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05732000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3748
          },
          {
            "timestamp": "2026-04-27 21:06:19,213",
            "thread_id": "7312",
            "caller": "0x0290a3a6",
            "parentcaller": "0x051eb194",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04190419",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000419"
              },
              {
                "name": "LanguageName",
                "value": "Russian"
              }
            ],
            "repeated": 0,
            "id": 3749
          },
          {
            "timestamp": "2026-04-27 21:06:19,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3750
          },
          {
            "timestamp": "2026-04-27 21:06:19,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3751
          },
          {
            "timestamp": "2026-04-27 21:06:19,307",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3752
          },
          {
            "timestamp": "2026-04-27 21:06:19,307",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3753
          },
          {
            "timestamp": "2026-04-27 21:06:19,353",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 3754
          },
          {
            "timestamp": "2026-04-27 21:06:19,369",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 3755
          },
          {
            "timestamp": "2026-04-27 21:06:19,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3756
          },
          {
            "timestamp": "2026-04-27 21:06:19,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3757
          },
          {
            "timestamp": "2026-04-27 21:06:19,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3758
          },
          {
            "timestamp": "2026-04-27 21:06:19,369",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3759
          },
          {
            "timestamp": "2026-04-27 21:06:19,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3760
          },
          {
            "timestamp": "2026-04-27 21:06:19,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3761
          },
          {
            "timestamp": "2026-04-27 21:06:19,463",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3762
          },
          {
            "timestamp": "2026-04-27 21:06:19,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3763
          },
          {
            "timestamp": "2026-04-27 21:06:19,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3764
          },
          {
            "timestamp": "2026-04-27 21:06:19,557",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3765
          },
          {
            "timestamp": "2026-04-27 21:06:19,619",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3766
          },
          {
            "timestamp": "2026-04-27 21:06:19,619",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3767
          },
          {
            "timestamp": "2026-04-27 21:06:19,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3768
          },
          {
            "timestamp": "2026-04-27 21:06:19,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3769
          },
          {
            "timestamp": "2026-04-27 21:06:19,619",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3770
          },
          {
            "timestamp": "2026-04-27 21:06:19,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3771
          },
          {
            "timestamp": "2026-04-27 21:06:19,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3772
          },
          {
            "timestamp": "2026-04-27 21:06:19,697",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3773
          },
          {
            "timestamp": "2026-04-27 21:06:19,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3774
          },
          {
            "timestamp": "2026-04-27 21:06:19,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3775
          },
          {
            "timestamp": "2026-04-27 21:06:19,760",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3776
          },
          {
            "timestamp": "2026-04-27 21:06:19,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3777
          },
          {
            "timestamp": "2026-04-27 21:06:19,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3778
          },
          {
            "timestamp": "2026-04-27 21:06:19,822",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3779
          },
          {
            "timestamp": "2026-04-27 21:06:19,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3780
          },
          {
            "timestamp": "2026-04-27 21:06:19,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3781
          },
          {
            "timestamp": "2026-04-27 21:06:19,885",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3782
          },
          {
            "timestamp": "2026-04-27 21:06:19,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3783
          },
          {
            "timestamp": "2026-04-27 21:06:19,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3784
          },
          {
            "timestamp": "2026-04-27 21:06:19,947",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3785
          },
          {
            "timestamp": "2026-04-27 21:06:20,010",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3786
          },
          {
            "timestamp": "2026-04-27 21:06:20,010",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3787
          },
          {
            "timestamp": "2026-04-27 21:06:20,010",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3788
          },
          {
            "timestamp": "2026-04-27 21:06:20,072",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3789
          },
          {
            "timestamp": "2026-04-27 21:06:20,072",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3790
          },
          {
            "timestamp": "2026-04-27 21:06:20,072",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3791
          },
          {
            "timestamp": "2026-04-27 21:06:20,135",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3792
          },
          {
            "timestamp": "2026-04-27 21:06:20,135",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3793
          },
          {
            "timestamp": "2026-04-27 21:06:20,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3794
          },
          {
            "timestamp": "2026-04-27 21:06:20,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3795
          },
          {
            "timestamp": "2026-04-27 21:06:20,135",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3796
          },
          {
            "timestamp": "2026-04-27 21:06:20,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3797
          },
          {
            "timestamp": "2026-04-27 21:06:20,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3798
          },
          {
            "timestamp": "2026-04-27 21:06:20,197",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3799
          },
          {
            "timestamp": "2026-04-27 21:06:20,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3800
          },
          {
            "timestamp": "2026-04-27 21:06:20,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3801
          },
          {
            "timestamp": "2026-04-27 21:06:20,260",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3802
          },
          {
            "timestamp": "2026-04-27 21:06:20,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3803
          },
          {
            "timestamp": "2026-04-27 21:06:20,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3804
          },
          {
            "timestamp": "2026-04-27 21:06:20,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "47"
              }
            ],
            "repeated": 0,
            "id": 3805
          },
          {
            "timestamp": "2026-04-27 21:06:20,385",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 3806
          },
          {
            "timestamp": "2026-04-27 21:06:20,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3807
          },
          {
            "timestamp": "2026-04-27 21:06:20,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3808
          },
          {
            "timestamp": "2026-04-27 21:06:20,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3809
          },
          {
            "timestamp": "2026-04-27 21:06:20,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3810
          },
          {
            "timestamp": "2026-04-27 21:06:20,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3811
          },
          {
            "timestamp": "2026-04-27 21:06:20,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3812
          },
          {
            "timestamp": "2026-04-27 21:06:20,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3813
          },
          {
            "timestamp": "2026-04-27 21:06:20,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3814
          },
          {
            "timestamp": "2026-04-27 21:06:20,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3815
          },
          {
            "timestamp": "2026-04-27 21:06:20,510",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3816
          },
          {
            "timestamp": "2026-04-27 21:06:20,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3817
          },
          {
            "timestamp": "2026-04-27 21:06:20,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3818
          },
          {
            "timestamp": "2026-04-27 21:06:20,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3819
          },
          {
            "timestamp": "2026-04-27 21:06:20,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3820
          },
          {
            "timestamp": "2026-04-27 21:06:20,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3821
          },
          {
            "timestamp": "2026-04-27 21:06:20,635",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3822
          },
          {
            "timestamp": "2026-04-27 21:06:20,650",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3823
          },
          {
            "timestamp": "2026-04-27 21:06:20,650",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3824
          },
          {
            "timestamp": "2026-04-27 21:06:20,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3825
          },
          {
            "timestamp": "2026-04-27 21:06:20,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3826
          },
          {
            "timestamp": "2026-04-27 21:06:20,697",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3827
          },
          {
            "timestamp": "2026-04-27 21:06:20,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3828
          },
          {
            "timestamp": "2026-04-27 21:06:20,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3829
          },
          {
            "timestamp": "2026-04-27 21:06:20,760",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3830
          },
          {
            "timestamp": "2026-04-27 21:06:20,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3831
          },
          {
            "timestamp": "2026-04-27 21:06:20,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3832
          },
          {
            "timestamp": "2026-04-27 21:06:20,838",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3833
          },
          {
            "timestamp": "2026-04-27 21:06:20,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3834
          },
          {
            "timestamp": "2026-04-27 21:06:20,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3835
          },
          {
            "timestamp": "2026-04-27 21:06:20,900",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3836
          },
          {
            "timestamp": "2026-04-27 21:06:20,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3837
          },
          {
            "timestamp": "2026-04-27 21:06:20,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3838
          },
          {
            "timestamp": "2026-04-27 21:06:20,963",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3839
          },
          {
            "timestamp": "2026-04-27 21:06:21,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3840
          },
          {
            "timestamp": "2026-04-27 21:06:21,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3841
          },
          {
            "timestamp": "2026-04-27 21:06:21,025",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3842
          },
          {
            "timestamp": "2026-04-27 21:06:21,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3843
          },
          {
            "timestamp": "2026-04-27 21:06:21,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3844
          },
          {
            "timestamp": "2026-04-27 21:06:21,088",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3845
          },
          {
            "timestamp": "2026-04-27 21:06:21,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3846
          },
          {
            "timestamp": "2026-04-27 21:06:21,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3847
          },
          {
            "timestamp": "2026-04-27 21:06:21,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3848
          },
          {
            "timestamp": "2026-04-27 21:06:21,166",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3849
          },
          {
            "timestamp": "2026-04-27 21:06:21,166",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3850
          },
          {
            "timestamp": "2026-04-27 21:06:21,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3851
          },
          {
            "timestamp": "2026-04-27 21:06:21,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3852
          },
          {
            "timestamp": "2026-04-27 21:06:21,213",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3853
          },
          {
            "timestamp": "2026-04-27 21:06:21,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3854
          },
          {
            "timestamp": "2026-04-27 21:06:21,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3855
          },
          {
            "timestamp": "2026-04-27 21:06:21,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3856
          },
          {
            "timestamp": "2026-04-27 21:06:21,385",
            "thread_id": "2068",
            "caller": "0x0864bfc4",
            "parentcaller": "0x0864beb7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06f4d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3857
          },
          {
            "timestamp": "2026-04-27 21:06:21,385",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3858
          },
          {
            "timestamp": "2026-04-27 21:06:21,385",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3859
          },
          {
            "timestamp": "2026-04-27 21:06:21,385",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 3860
          },
          {
            "timestamp": "2026-04-27 21:06:21,385",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3861
          },
          {
            "timestamp": "2026-04-27 21:06:21,385",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3862
          },
          {
            "timestamp": "2026-04-27 21:06:21,385",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3863
          },
          {
            "timestamp": "2026-04-27 21:06:21,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3864
          },
          {
            "timestamp": "2026-04-27 21:06:21,432",
            "thread_id": "6988",
            "caller": "0x710a0830",
            "parentcaller": "0x71093611",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1592"
              }
            ],
            "repeated": 0,
            "id": 3865
          },
          {
            "timestamp": "2026-04-27 21:06:21,432",
            "thread_id": "7312",
            "caller": "0x077f18e0",
            "parentcaller": "0x0864c324",
            "category": "network",
            "api": "DnsQuery_A",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "nnzn.sa.com"
              },
              {
                "name": "Type",
                "value": "1"
              },
              {
                "name": "Options",
                "value": "0x00000048"
              }
            ],
            "repeated": 0,
            "id": 3866
          },
          {
            "timestamp": "2026-04-27 21:06:21,432",
            "thread_id": "7312",
            "caller": "0x077f1998",
            "parentcaller": "0x0864d998",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000638",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1592"
              }
            ],
            "repeated": 0,
            "id": 3867
          },
          {
            "timestamp": "2026-04-27 21:06:21,432",
            "thread_id": "7312",
            "caller": "0x077f0a53",
            "parentcaller": "0x0864c650",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1592"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3868
          },
          {
            "timestamp": "2026-04-27 21:06:21,432",
            "thread_id": "7312",
            "caller": "0x077f2a15",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1592"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3869
          },
          {
            "timestamp": "2026-04-27 21:06:21,432",
            "thread_id": "7312",
            "caller": "0x0864da34",
            "parentcaller": "0x0864c650",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000638"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xcc\\x04\\x00\\x00\\x9a\\xda\\xa9s"
              }
            ],
            "repeated": 0,
            "id": 3870
          },
          {
            "timestamp": "2026-04-27 21:06:21,432",
            "thread_id": "7312",
            "caller": "0x0292acfb",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1592"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "172.67.140.186"
              },
              {
                "name": "port",
                "value": "443"
              }
            ],
            "repeated": 0,
            "id": 3871
          },
          {
            "timestamp": "2026-04-27 21:06:21,432",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 3872
          },
          {
            "timestamp": "2026-04-27 21:06:21,432",
            "thread_id": "2068",
            "caller": "0x737e55cd",
            "parentcaller": "0x7380b77c",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3873
          },
          {
            "timestamp": "2026-04-27 21:06:21,432",
            "thread_id": "6988",
            "caller": "0x7726269a",
            "parentcaller": "0x7108b4f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000634"
              }
            ],
            "repeated": 0,
            "id": 3874
          },
          {
            "timestamp": "2026-04-27 21:06:21,432",
            "thread_id": "3892",
            "caller": "0x077f2bf3",
            "parentcaller": "0x00000000",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1592"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00007010"
              },
              {
                "name": "optval",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3875
          },
          {
            "timestamp": "2026-04-27 21:06:21,432",
            "thread_id": "3892",
            "caller": "0x0864e067",
            "parentcaller": "0x0864dfda",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3876
          },
          {
            "timestamp": "2026-04-27 21:06:21,432",
            "thread_id": "3892",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0cc",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 3877
          },
          {
            "timestamp": "2026-04-27 21:06:21,432",
            "thread_id": "3892",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0df",
            "category": "misc",
            "api": "GetUserNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Name",
                "value": "cape"
              }
            ],
            "repeated": 0,
            "id": 3878
          },
          {
            "timestamp": "2026-04-27 21:06:21,432",
            "thread_id": "3892",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "72"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3879
          },
          {
            "timestamp": "2026-04-27 21:06:21,432",
            "thread_id": "3892",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3"
              },
              {
                "name": "Length",
                "value": "16"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 3880
          },
          {
            "timestamp": "2026-04-27 21:06:21,432",
            "thread_id": "3892",
            "caller": "0x077f2dec",
            "parentcaller": "0x0864ed7a",
            "category": "network",
            "api": "WSASend",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Socket",
                "value": "1592"
              },
              {
                "name": "Buffer",
                "value": "@\\x00\\x00\\x00m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c"
              }
            ],
            "repeated": 0,
            "id": 3881
          },
          {
            "timestamp": "2026-04-27 21:06:21,432",
            "thread_id": "3892",
            "caller": "0x077f2ee0",
            "parentcaller": "0x0864edcf",
            "category": "network",
            "api": "WSARecv",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1592"
              }
            ],
            "repeated": 0,
            "id": 3882
          },
          {
            "timestamp": "2026-04-27 21:06:21,432",
            "thread_id": "1796",
            "caller": "0x0290a7be",
            "parentcaller": "0x0864f1bd",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1592"
              }
            ],
            "repeated": 0,
            "id": 3883
          },
          {
            "timestamp": "2026-04-27 21:06:21,432",
            "thread_id": "1796",
            "caller": "0x0290bbbb",
            "parentcaller": "0x051ed61d",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00030190"
              },
              {
                "name": "Message",
                "value": "0x0000c1b0"
              }
            ],
            "repeated": 0,
            "id": 3884
          },
          {
            "timestamp": "2026-04-27 21:06:21,432",
            "thread_id": "1796",
            "caller": "0x0290b109",
            "parentcaller": "0x051ed61d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003c4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\x8d\\x00\\xf8\\x19\\x00\\x00,\\x1a\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6700"
              }
            ],
            "repeated": 0,
            "id": 3885
          },
          {
            "timestamp": "2026-04-27 21:06:21,478",
            "thread_id": "2068",
            "caller": "0x0864f6d8",
            "parentcaller": "0x0864f6ae",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 3886
          },
          {
            "timestamp": "2026-04-27 21:06:21,478",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3887
          },
          {
            "timestamp": "2026-04-27 21:06:21,478",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3888
          },
          {
            "timestamp": "2026-04-27 21:06:21,478",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3889
          },
          {
            "timestamp": "2026-04-27 21:06:21,557",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3890
          },
          {
            "timestamp": "2026-04-27 21:06:21,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3891
          },
          {
            "timestamp": "2026-04-27 21:06:21,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3892
          },
          {
            "timestamp": "2026-04-27 21:06:21,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3893
          },
          {
            "timestamp": "2026-04-27 21:06:21,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3894
          },
          {
            "timestamp": "2026-04-27 21:06:21,619",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3895
          },
          {
            "timestamp": "2026-04-27 21:06:21,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3896
          },
          {
            "timestamp": "2026-04-27 21:06:21,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3897
          },
          {
            "timestamp": "2026-04-27 21:06:21,697",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3898
          },
          {
            "timestamp": "2026-04-27 21:06:21,713",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3899
          },
          {
            "timestamp": "2026-04-27 21:06:21,713",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3900
          },
          {
            "timestamp": "2026-04-27 21:06:21,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3901
          },
          {
            "timestamp": "2026-04-27 21:06:21,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3902
          },
          {
            "timestamp": "2026-04-27 21:06:21,775",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3903
          },
          {
            "timestamp": "2026-04-27 21:06:21,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3904
          },
          {
            "timestamp": "2026-04-27 21:06:21,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3905
          },
          {
            "timestamp": "2026-04-27 21:06:21,853",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3906
          },
          {
            "timestamp": "2026-04-27 21:06:21,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3907
          },
          {
            "timestamp": "2026-04-27 21:06:21,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3908
          },
          {
            "timestamp": "2026-04-27 21:06:21,916",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3909
          },
          {
            "timestamp": "2026-04-27 21:06:21,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3910
          },
          {
            "timestamp": "2026-04-27 21:06:21,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3911
          },
          {
            "timestamp": "2026-04-27 21:06:21,978",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3912
          },
          {
            "timestamp": "2026-04-27 21:06:22,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3913
          },
          {
            "timestamp": "2026-04-27 21:06:22,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3914
          },
          {
            "timestamp": "2026-04-27 21:06:22,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3915
          },
          {
            "timestamp": "2026-04-27 21:06:22,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3916
          },
          {
            "timestamp": "2026-04-27 21:06:22,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3917
          },
          {
            "timestamp": "2026-04-27 21:06:22,103",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3918
          },
          {
            "timestamp": "2026-04-27 21:06:22,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3919
          },
          {
            "timestamp": "2026-04-27 21:06:22,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3920
          },
          {
            "timestamp": "2026-04-27 21:06:22,166",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3921
          },
          {
            "timestamp": "2026-04-27 21:06:22,228",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3922
          },
          {
            "timestamp": "2026-04-27 21:06:22,228",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3923
          },
          {
            "timestamp": "2026-04-27 21:06:22,228",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3924
          },
          {
            "timestamp": "2026-04-27 21:06:22,228",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3925
          },
          {
            "timestamp": "2026-04-27 21:06:22,228",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3926
          },
          {
            "timestamp": "2026-04-27 21:06:22,291",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3927
          },
          {
            "timestamp": "2026-04-27 21:06:22,291",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3928
          },
          {
            "timestamp": "2026-04-27 21:06:22,291",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3929
          },
          {
            "timestamp": "2026-04-27 21:06:22,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3930
          },
          {
            "timestamp": "2026-04-27 21:06:22,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3931
          },
          {
            "timestamp": "2026-04-27 21:06:22,369",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "16"
              }
            ],
            "repeated": 0,
            "id": 3932
          },
          {
            "timestamp": "2026-04-27 21:06:22,400",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 3933
          },
          {
            "timestamp": "2026-04-27 21:06:22,400",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3934
          },
          {
            "timestamp": "2026-04-27 21:06:22,400",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "19"
              }
            ],
            "repeated": 0,
            "id": 3935
          },
          {
            "timestamp": "2026-04-27 21:06:22,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3936
          },
          {
            "timestamp": "2026-04-27 21:06:22,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3937
          },
          {
            "timestamp": "2026-04-27 21:06:22,432",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 3938
          },
          {
            "timestamp": "2026-04-27 21:06:22,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3939
          },
          {
            "timestamp": "2026-04-27 21:06:22,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3940
          },
          {
            "timestamp": "2026-04-27 21:06:22,510",
            "thread_id": "6580",
            "caller": "0x0864f756",
            "parentcaller": "0x051e6c46",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05742000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3941
          },
          {
            "timestamp": "2026-04-27 21:06:22,510",
            "thread_id": "6580",
            "caller": "0x02910626",
            "parentcaller": "0x051e6c61",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "SetThreadExecutionState"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ac96c0"
              }
            ],
            "repeated": 0,
            "id": 3942
          },
          {
            "timestamp": "2026-04-27 21:06:22,510",
            "thread_id": "6580",
            "caller": "0x051e6c3e",
            "parentcaller": "0x051e6c67",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 3943
          },
          {
            "timestamp": "2026-04-27 21:06:22,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3944
          },
          {
            "timestamp": "2026-04-27 21:06:22,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3945
          },
          {
            "timestamp": "2026-04-27 21:06:22,557",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3946
          },
          {
            "timestamp": "2026-04-27 21:06:22,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3947
          },
          {
            "timestamp": "2026-04-27 21:06:22,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3948
          },
          {
            "timestamp": "2026-04-27 21:06:22,619",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3949
          },
          {
            "timestamp": "2026-04-27 21:06:22,682",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3950
          },
          {
            "timestamp": "2026-04-27 21:06:22,682",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3951
          },
          {
            "timestamp": "2026-04-27 21:06:22,682",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3952
          },
          {
            "timestamp": "2026-04-27 21:06:22,744",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3953
          },
          {
            "timestamp": "2026-04-27 21:06:22,744",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3954
          },
          {
            "timestamp": "2026-04-27 21:06:22,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3955
          },
          {
            "timestamp": "2026-04-27 21:06:22,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3956
          },
          {
            "timestamp": "2026-04-27 21:06:22,744",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3957
          },
          {
            "timestamp": "2026-04-27 21:06:22,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3958
          },
          {
            "timestamp": "2026-04-27 21:06:22,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3959
          },
          {
            "timestamp": "2026-04-27 21:06:22,807",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3960
          },
          {
            "timestamp": "2026-04-27 21:06:22,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3961
          },
          {
            "timestamp": "2026-04-27 21:06:22,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3962
          },
          {
            "timestamp": "2026-04-27 21:06:22,869",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3963
          },
          {
            "timestamp": "2026-04-27 21:06:22,932",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3964
          },
          {
            "timestamp": "2026-04-27 21:06:22,932",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3965
          },
          {
            "timestamp": "2026-04-27 21:06:22,932",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3966
          },
          {
            "timestamp": "2026-04-27 21:06:22,994",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3967
          },
          {
            "timestamp": "2026-04-27 21:06:22,994",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3968
          },
          {
            "timestamp": "2026-04-27 21:06:22,994",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3969
          },
          {
            "timestamp": "2026-04-27 21:06:23,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3970
          },
          {
            "timestamp": "2026-04-27 21:06:23,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3971
          },
          {
            "timestamp": "2026-04-27 21:06:23,057",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3972
          },
          {
            "timestamp": "2026-04-27 21:06:23,119",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3973
          },
          {
            "timestamp": "2026-04-27 21:06:23,119",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3974
          },
          {
            "timestamp": "2026-04-27 21:06:23,119",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3975
          },
          {
            "timestamp": "2026-04-27 21:06:23,182",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3976
          },
          {
            "timestamp": "2026-04-27 21:06:23,182",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3977
          },
          {
            "timestamp": "2026-04-27 21:06:23,182",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3978
          },
          {
            "timestamp": "2026-04-27 21:06:23,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3979
          },
          {
            "timestamp": "2026-04-27 21:06:23,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3980
          },
          {
            "timestamp": "2026-04-27 21:06:23,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3981
          },
          {
            "timestamp": "2026-04-27 21:06:23,260",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 3982
          },
          {
            "timestamp": "2026-04-27 21:06:23,260",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 3983
          },
          {
            "timestamp": "2026-04-27 21:06:23,307",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3984
          },
          {
            "timestamp": "2026-04-27 21:06:23,307",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3985
          },
          {
            "timestamp": "2026-04-27 21:06:23,307",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3986
          },
          {
            "timestamp": "2026-04-27 21:06:23,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3987
          },
          {
            "timestamp": "2026-04-27 21:06:23,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3988
          },
          {
            "timestamp": "2026-04-27 21:06:23,369",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "31"
              }
            ],
            "repeated": 0,
            "id": 3989
          },
          {
            "timestamp": "2026-04-27 21:06:23,416",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 3990
          },
          {
            "timestamp": "2026-04-27 21:06:23,416",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3991
          },
          {
            "timestamp": "2026-04-27 21:06:23,416",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 3992
          },
          {
            "timestamp": "2026-04-27 21:06:23,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3993
          },
          {
            "timestamp": "2026-04-27 21:06:23,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3994
          },
          {
            "timestamp": "2026-04-27 21:06:23,432",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3995
          },
          {
            "timestamp": "2026-04-27 21:06:23,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3996
          },
          {
            "timestamp": "2026-04-27 21:06:23,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 3997
          },
          {
            "timestamp": "2026-04-27 21:06:23,494",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 3998
          },
          {
            "timestamp": "2026-04-27 21:06:23,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3999
          },
          {
            "timestamp": "2026-04-27 21:06:23,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4000
          },
          {
            "timestamp": "2026-04-27 21:06:23,557",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4001
          },
          {
            "timestamp": "2026-04-27 21:06:23,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4002
          },
          {
            "timestamp": "2026-04-27 21:06:23,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4003
          },
          {
            "timestamp": "2026-04-27 21:06:23,619",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4004
          },
          {
            "timestamp": "2026-04-27 21:06:23,682",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4005
          },
          {
            "timestamp": "2026-04-27 21:06:23,682",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4006
          },
          {
            "timestamp": "2026-04-27 21:06:23,682",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4007
          },
          {
            "timestamp": "2026-04-27 21:06:23,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4008
          },
          {
            "timestamp": "2026-04-27 21:06:23,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4009
          },
          {
            "timestamp": "2026-04-27 21:06:23,744",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4010
          },
          {
            "timestamp": "2026-04-27 21:06:23,775",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4011
          },
          {
            "timestamp": "2026-04-27 21:06:23,775",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4012
          },
          {
            "timestamp": "2026-04-27 21:06:23,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4013
          },
          {
            "timestamp": "2026-04-27 21:06:23,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4014
          },
          {
            "timestamp": "2026-04-27 21:06:23,807",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4015
          },
          {
            "timestamp": "2026-04-27 21:06:23,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4016
          },
          {
            "timestamp": "2026-04-27 21:06:23,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4017
          },
          {
            "timestamp": "2026-04-27 21:06:23,869",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4018
          },
          {
            "timestamp": "2026-04-27 21:06:23,932",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4019
          },
          {
            "timestamp": "2026-04-27 21:06:23,932",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4020
          },
          {
            "timestamp": "2026-04-27 21:06:23,932",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4021
          },
          {
            "timestamp": "2026-04-27 21:06:23,994",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4022
          },
          {
            "timestamp": "2026-04-27 21:06:23,994",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4023
          },
          {
            "timestamp": "2026-04-27 21:06:23,994",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4024
          },
          {
            "timestamp": "2026-04-27 21:06:24,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4025
          },
          {
            "timestamp": "2026-04-27 21:06:24,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4026
          },
          {
            "timestamp": "2026-04-27 21:06:24,057",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4027
          },
          {
            "timestamp": "2026-04-27 21:06:24,119",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4028
          },
          {
            "timestamp": "2026-04-27 21:06:24,119",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4029
          },
          {
            "timestamp": "2026-04-27 21:06:24,119",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4030
          },
          {
            "timestamp": "2026-04-27 21:06:24,182",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4031
          },
          {
            "timestamp": "2026-04-27 21:06:24,182",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4032
          },
          {
            "timestamp": "2026-04-27 21:06:24,182",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4033
          },
          {
            "timestamp": "2026-04-27 21:06:24,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4034
          },
          {
            "timestamp": "2026-04-27 21:06:24,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4035
          },
          {
            "timestamp": "2026-04-27 21:06:24,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4036
          },
          {
            "timestamp": "2026-04-27 21:06:24,338",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4037
          },
          {
            "timestamp": "2026-04-27 21:06:24,338",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4038
          },
          {
            "timestamp": "2026-04-27 21:06:24,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4039
          },
          {
            "timestamp": "2026-04-27 21:06:24,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4040
          },
          {
            "timestamp": "2026-04-27 21:06:24,338",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4041
          },
          {
            "timestamp": "2026-04-27 21:06:24,432",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 4042
          },
          {
            "timestamp": "2026-04-27 21:06:24,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4043
          },
          {
            "timestamp": "2026-04-27 21:06:24,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4044
          },
          {
            "timestamp": "2026-04-27 21:06:24,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4045
          },
          {
            "timestamp": "2026-04-27 21:06:24,432",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4046
          },
          {
            "timestamp": "2026-04-27 21:06:24,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4047
          },
          {
            "timestamp": "2026-04-27 21:06:24,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4048
          },
          {
            "timestamp": "2026-04-27 21:06:24,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4049
          },
          {
            "timestamp": "2026-04-27 21:06:24,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4050
          },
          {
            "timestamp": "2026-04-27 21:06:24,588",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 4051
          },
          {
            "timestamp": "2026-04-27 21:06:24,682",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4052
          },
          {
            "timestamp": "2026-04-27 21:06:24,682",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4053
          },
          {
            "timestamp": "2026-04-27 21:06:24,760",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4054
          },
          {
            "timestamp": "2026-04-27 21:06:24,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4055
          },
          {
            "timestamp": "2026-04-27 21:06:24,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4056
          },
          {
            "timestamp": "2026-04-27 21:06:24,822",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4057
          },
          {
            "timestamp": "2026-04-27 21:06:24,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4058
          },
          {
            "timestamp": "2026-04-27 21:06:24,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4059
          },
          {
            "timestamp": "2026-04-27 21:06:24,853",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4060
          },
          {
            "timestamp": "2026-04-27 21:06:24,853",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4061
          },
          {
            "timestamp": "2026-04-27 21:06:24,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4062
          },
          {
            "timestamp": "2026-04-27 21:06:24,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4063
          },
          {
            "timestamp": "2026-04-27 21:06:24,885",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4064
          },
          {
            "timestamp": "2026-04-27 21:06:24,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4065
          },
          {
            "timestamp": "2026-04-27 21:06:24,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4066
          },
          {
            "timestamp": "2026-04-27 21:06:24,963",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4067
          },
          {
            "timestamp": "2026-04-27 21:06:25,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4068
          },
          {
            "timestamp": "2026-04-27 21:06:25,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4069
          },
          {
            "timestamp": "2026-04-27 21:06:25,025",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4070
          },
          {
            "timestamp": "2026-04-27 21:06:25,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4071
          },
          {
            "timestamp": "2026-04-27 21:06:25,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4072
          },
          {
            "timestamp": "2026-04-27 21:06:25,088",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4073
          },
          {
            "timestamp": "2026-04-27 21:06:25,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4074
          },
          {
            "timestamp": "2026-04-27 21:06:25,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4075
          },
          {
            "timestamp": "2026-04-27 21:06:25,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4076
          },
          {
            "timestamp": "2026-04-27 21:06:25,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4077
          },
          {
            "timestamp": "2026-04-27 21:06:25,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4078
          },
          {
            "timestamp": "2026-04-27 21:06:25,213",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4079
          },
          {
            "timestamp": "2026-04-27 21:06:25,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4080
          },
          {
            "timestamp": "2026-04-27 21:06:25,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4081
          },
          {
            "timestamp": "2026-04-27 21:06:25,275",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4082
          },
          {
            "timestamp": "2026-04-27 21:06:25,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4083
          },
          {
            "timestamp": "2026-04-27 21:06:25,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4084
          },
          {
            "timestamp": "2026-04-27 21:06:25,338",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4085
          },
          {
            "timestamp": "2026-04-27 21:06:25,369",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4086
          },
          {
            "timestamp": "2026-04-27 21:06:25,369",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4087
          },
          {
            "timestamp": "2026-04-27 21:06:25,400",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4088
          },
          {
            "timestamp": "2026-04-27 21:06:25,400",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4089
          },
          {
            "timestamp": "2026-04-27 21:06:25,400",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "32"
              }
            ],
            "repeated": 0,
            "id": 4090
          },
          {
            "timestamp": "2026-04-27 21:06:25,447",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 4091
          },
          {
            "timestamp": "2026-04-27 21:06:25,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4092
          },
          {
            "timestamp": "2026-04-27 21:06:25,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4093
          },
          {
            "timestamp": "2026-04-27 21:06:25,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4094
          },
          {
            "timestamp": "2026-04-27 21:06:25,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4095
          },
          {
            "timestamp": "2026-04-27 21:06:25,463",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4096
          },
          {
            "timestamp": "2026-04-27 21:06:25,494",
            "thread_id": "2068",
            "caller": "0x0864bfc4",
            "parentcaller": "0x0864beb7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06f6d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4097
          },
          {
            "timestamp": "2026-04-27 21:06:25,494",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4098
          },
          {
            "timestamp": "2026-04-27 21:06:25,494",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4099
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4100
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4101
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4102
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "6988",
            "caller": "0x710a0830",
            "parentcaller": "0x71093611",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1608"
              }
            ],
            "repeated": 0,
            "id": 4103
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "7312",
            "caller": "0x077f18e0",
            "parentcaller": "0x0864c324",
            "category": "network",
            "api": "DnsQuery_A",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "nnzn.sa.com"
              },
              {
                "name": "Type",
                "value": "1"
              },
              {
                "name": "Options",
                "value": "0x00000048"
              }
            ],
            "repeated": 0,
            "id": 4104
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "7312",
            "caller": "0x077f1998",
            "parentcaller": "0x0864d998",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000648",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1608"
              }
            ],
            "repeated": 0,
            "id": 4105
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "7312",
            "caller": "0x077f0a53",
            "parentcaller": "0x0864c650",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1608"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4106
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "7312",
            "caller": "0x077f2a15",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1608"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4107
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "7312",
            "caller": "0x0864da34",
            "parentcaller": "0x0864c650",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000648"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xcc\\x04\\x00\\x00\\x9a\\xda\\xa9s"
              }
            ],
            "repeated": 0,
            "id": 4108
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "7312",
            "caller": "0x0292acfb",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1608"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "172.67.140.186"
              },
              {
                "name": "port",
                "value": "443"
              }
            ],
            "repeated": 0,
            "id": 4109
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 4110
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "2068",
            "caller": "0x737e55cd",
            "parentcaller": "0x7380b77c",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4111
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "6988",
            "caller": "0x7726269a",
            "parentcaller": "0x7108b4f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 4112
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4113
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4114
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "1796",
            "caller": "0x077f2bf3",
            "parentcaller": "0x00000000",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1608"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00007010"
              },
              {
                "name": "optval",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4115
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "1796",
            "caller": "0x0864e067",
            "parentcaller": "0x0864dfda",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4116
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0cc",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 4117
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0df",
            "category": "misc",
            "api": "GetUserNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Name",
                "value": "cape"
              }
            ],
            "repeated": 0,
            "id": 4118
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "72"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4119
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3"
              },
              {
                "name": "Length",
                "value": "16"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4120
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "1796",
            "caller": "0x077f2dec",
            "parentcaller": "0x0864ed7a",
            "category": "network",
            "api": "WSASend",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Socket",
                "value": "1608"
              },
              {
                "name": "Buffer",
                "value": "@\\x00\\x00\\x00m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c"
              }
            ],
            "repeated": 0,
            "id": 4121
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "1796",
            "caller": "0x077f2ee0",
            "parentcaller": "0x0864edcf",
            "category": "network",
            "api": "WSARecv",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1608"
              }
            ],
            "repeated": 0,
            "id": 4122
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "3892",
            "caller": "0x0290a7be",
            "parentcaller": "0x0864f1bd",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1608"
              }
            ],
            "repeated": 0,
            "id": 4123
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "3892",
            "caller": "0x0290bbbb",
            "parentcaller": "0x051ed61d",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00030190"
              },
              {
                "name": "Message",
                "value": "0x0000c1b0"
              }
            ],
            "repeated": 0,
            "id": 4124
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "3892",
            "caller": "0x0290b109",
            "parentcaller": "0x051ed61d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003c4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\x8d\\x00\\xf8\\x19\\x00\\x00,\\x1a\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6700"
              }
            ],
            "repeated": 0,
            "id": 4125
          },
          {
            "timestamp": "2026-04-27 21:06:25,525",
            "thread_id": "2068",
            "caller": "0x0864f6d8",
            "parentcaller": "0x0864f6ae",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 4126
          },
          {
            "timestamp": "2026-04-27 21:06:25,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4127
          },
          {
            "timestamp": "2026-04-27 21:06:25,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4128
          },
          {
            "timestamp": "2026-04-27 21:06:25,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4129
          },
          {
            "timestamp": "2026-04-27 21:06:25,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4130
          },
          {
            "timestamp": "2026-04-27 21:06:25,588",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4131
          },
          {
            "timestamp": "2026-04-27 21:06:25,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4132
          },
          {
            "timestamp": "2026-04-27 21:06:25,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4133
          },
          {
            "timestamp": "2026-04-27 21:06:25,650",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4134
          },
          {
            "timestamp": "2026-04-27 21:06:25,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4135
          },
          {
            "timestamp": "2026-04-27 21:06:25,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4136
          },
          {
            "timestamp": "2026-04-27 21:06:25,713",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4137
          },
          {
            "timestamp": "2026-04-27 21:06:25,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4138
          },
          {
            "timestamp": "2026-04-27 21:06:25,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4139
          },
          {
            "timestamp": "2026-04-27 21:06:25,775",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4140
          },
          {
            "timestamp": "2026-04-27 21:06:25,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4141
          },
          {
            "timestamp": "2026-04-27 21:06:25,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4142
          },
          {
            "timestamp": "2026-04-27 21:06:25,838",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4143
          },
          {
            "timestamp": "2026-04-27 21:06:25,885",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4144
          },
          {
            "timestamp": "2026-04-27 21:06:25,885",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4145
          },
          {
            "timestamp": "2026-04-27 21:06:25,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4146
          },
          {
            "timestamp": "2026-04-27 21:06:25,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4147
          },
          {
            "timestamp": "2026-04-27 21:06:25,900",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4148
          },
          {
            "timestamp": "2026-04-27 21:06:25,900",
            "thread_id": "3676",
            "caller": "0x77271454",
            "parentcaller": "0x7693b5fa",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000064c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 4149
          },
          {
            "timestamp": "2026-04-27 21:06:25,900",
            "thread_id": "3676",
            "caller": "0x76938f18",
            "parentcaller": "0x76938dcd",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 4150
          },
          {
            "timestamp": "2026-04-27 21:06:25,963",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4151
          },
          {
            "timestamp": "2026-04-27 21:06:25,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4152
          },
          {
            "timestamp": "2026-04-27 21:06:25,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4153
          },
          {
            "timestamp": "2026-04-27 21:06:26,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4154
          },
          {
            "timestamp": "2026-04-27 21:06:26,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4155
          },
          {
            "timestamp": "2026-04-27 21:06:26,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4156
          },
          {
            "timestamp": "2026-04-27 21:06:26,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4157
          },
          {
            "timestamp": "2026-04-27 21:06:26,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4158
          },
          {
            "timestamp": "2026-04-27 21:06:26,103",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4159
          },
          {
            "timestamp": "2026-04-27 21:06:26,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4160
          },
          {
            "timestamp": "2026-04-27 21:06:26,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4161
          },
          {
            "timestamp": "2026-04-27 21:06:26,166",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4162
          },
          {
            "timestamp": "2026-04-27 21:06:26,228",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4163
          },
          {
            "timestamp": "2026-04-27 21:06:26,228",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4164
          },
          {
            "timestamp": "2026-04-27 21:06:26,228",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4165
          },
          {
            "timestamp": "2026-04-27 21:06:26,291",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4166
          },
          {
            "timestamp": "2026-04-27 21:06:26,291",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4167
          },
          {
            "timestamp": "2026-04-27 21:06:26,291",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4168
          },
          {
            "timestamp": "2026-04-27 21:06:26,353",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4169
          },
          {
            "timestamp": "2026-04-27 21:06:26,353",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4170
          },
          {
            "timestamp": "2026-04-27 21:06:26,353",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4171
          },
          {
            "timestamp": "2026-04-27 21:06:26,400",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4172
          },
          {
            "timestamp": "2026-04-27 21:06:26,400",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4173
          },
          {
            "timestamp": "2026-04-27 21:06:26,416",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4174
          },
          {
            "timestamp": "2026-04-27 21:06:26,416",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4175
          },
          {
            "timestamp": "2026-04-27 21:06:26,416",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "31"
              }
            ],
            "repeated": 0,
            "id": 4176
          },
          {
            "timestamp": "2026-04-27 21:06:26,463",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 4177
          },
          {
            "timestamp": "2026-04-27 21:06:26,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4178
          },
          {
            "timestamp": "2026-04-27 21:06:26,463",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4179
          },
          {
            "timestamp": "2026-04-27 21:06:26,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4180
          },
          {
            "timestamp": "2026-04-27 21:06:26,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4181
          },
          {
            "timestamp": "2026-04-27 21:06:26,510",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4182
          },
          {
            "timestamp": "2026-04-27 21:06:26,572",
            "thread_id": "7312",
            "caller": "0x051eb1f3",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05752000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4183
          },
          {
            "timestamp": "2026-04-27 21:06:26,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4184
          },
          {
            "timestamp": "2026-04-27 21:06:26,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4185
          },
          {
            "timestamp": "2026-04-27 21:06:26,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4186
          },
          {
            "timestamp": "2026-04-27 21:06:26,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4187
          },
          {
            "timestamp": "2026-04-27 21:06:26,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4188
          },
          {
            "timestamp": "2026-04-27 21:06:26,635",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4189
          },
          {
            "timestamp": "2026-04-27 21:06:26,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4190
          },
          {
            "timestamp": "2026-04-27 21:06:26,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4191
          },
          {
            "timestamp": "2026-04-27 21:06:26,697",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4192
          },
          {
            "timestamp": "2026-04-27 21:06:26,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4193
          },
          {
            "timestamp": "2026-04-27 21:06:26,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4194
          },
          {
            "timestamp": "2026-04-27 21:06:26,760",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4195
          },
          {
            "timestamp": "2026-04-27 21:06:26,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4196
          },
          {
            "timestamp": "2026-04-27 21:06:26,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4197
          },
          {
            "timestamp": "2026-04-27 21:06:26,822",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4198
          },
          {
            "timestamp": "2026-04-27 21:06:26,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4199
          },
          {
            "timestamp": "2026-04-27 21:06:26,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4200
          },
          {
            "timestamp": "2026-04-27 21:06:26,885",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4201
          },
          {
            "timestamp": "2026-04-27 21:06:26,916",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4202
          },
          {
            "timestamp": "2026-04-27 21:06:26,916",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4203
          },
          {
            "timestamp": "2026-04-27 21:06:26,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4204
          },
          {
            "timestamp": "2026-04-27 21:06:26,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4205
          },
          {
            "timestamp": "2026-04-27 21:06:26,947",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4206
          },
          {
            "timestamp": "2026-04-27 21:06:27,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4207
          },
          {
            "timestamp": "2026-04-27 21:06:27,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4208
          },
          {
            "timestamp": "2026-04-27 21:06:27,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4209
          },
          {
            "timestamp": "2026-04-27 21:06:27,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4210
          },
          {
            "timestamp": "2026-04-27 21:06:27,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4211
          },
          {
            "timestamp": "2026-04-27 21:06:27,103",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4212
          },
          {
            "timestamp": "2026-04-27 21:06:27,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4213
          },
          {
            "timestamp": "2026-04-27 21:06:27,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4214
          },
          {
            "timestamp": "2026-04-27 21:06:27,213",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4215
          },
          {
            "timestamp": "2026-04-27 21:06:27,260",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4216
          },
          {
            "timestamp": "2026-04-27 21:06:27,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4217
          },
          {
            "timestamp": "2026-04-27 21:06:27,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4218
          },
          {
            "timestamp": "2026-04-27 21:06:27,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4219
          },
          {
            "timestamp": "2026-04-27 21:06:27,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4220
          },
          {
            "timestamp": "2026-04-27 21:06:27,447",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4221
          },
          {
            "timestamp": "2026-04-27 21:06:27,447",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4222
          },
          {
            "timestamp": "2026-04-27 21:06:27,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "16"
              }
            ],
            "repeated": 0,
            "id": 4223
          },
          {
            "timestamp": "2026-04-27 21:06:27,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4224
          },
          {
            "timestamp": "2026-04-27 21:06:27,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4225
          },
          {
            "timestamp": "2026-04-27 21:06:27,494",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4226
          },
          {
            "timestamp": "2026-04-27 21:06:27,494",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 4227
          },
          {
            "timestamp": "2026-04-27 21:06:27,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4228
          },
          {
            "timestamp": "2026-04-27 21:06:27,541",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4229
          },
          {
            "timestamp": "2026-04-27 21:06:27,541",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4230
          },
          {
            "timestamp": "2026-04-27 21:06:27,541",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4231
          },
          {
            "timestamp": "2026-04-27 21:06:27,650",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4232
          },
          {
            "timestamp": "2026-04-27 21:06:27,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4233
          },
          {
            "timestamp": "2026-04-27 21:06:27,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4234
          },
          {
            "timestamp": "2026-04-27 21:06:27,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4235
          },
          {
            "timestamp": "2026-04-27 21:06:27,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4236
          },
          {
            "timestamp": "2026-04-27 21:06:27,728",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 4237
          },
          {
            "timestamp": "2026-04-27 21:06:27,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4238
          },
          {
            "timestamp": "2026-04-27 21:06:27,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4239
          },
          {
            "timestamp": "2026-04-27 21:06:27,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4240
          },
          {
            "timestamp": "2026-04-27 21:06:27,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4241
          },
          {
            "timestamp": "2026-04-27 21:06:27,869",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4242
          },
          {
            "timestamp": "2026-04-27 21:06:27,932",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4243
          },
          {
            "timestamp": "2026-04-27 21:06:27,932",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4244
          },
          {
            "timestamp": "2026-04-27 21:06:27,932",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4245
          },
          {
            "timestamp": "2026-04-27 21:06:27,963",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4246
          },
          {
            "timestamp": "2026-04-27 21:06:27,963",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4247
          },
          {
            "timestamp": "2026-04-27 21:06:27,994",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4248
          },
          {
            "timestamp": "2026-04-27 21:06:27,994",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4249
          },
          {
            "timestamp": "2026-04-27 21:06:27,994",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4250
          },
          {
            "timestamp": "2026-04-27 21:06:28,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4251
          },
          {
            "timestamp": "2026-04-27 21:06:28,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4252
          },
          {
            "timestamp": "2026-04-27 21:06:28,057",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4253
          },
          {
            "timestamp": "2026-04-27 21:06:28,119",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4254
          },
          {
            "timestamp": "2026-04-27 21:06:28,119",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4255
          },
          {
            "timestamp": "2026-04-27 21:06:28,119",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4256
          },
          {
            "timestamp": "2026-04-27 21:06:28,182",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4257
          },
          {
            "timestamp": "2026-04-27 21:06:28,182",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4258
          },
          {
            "timestamp": "2026-04-27 21:06:28,182",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4259
          },
          {
            "timestamp": "2026-04-27 21:06:28,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4260
          },
          {
            "timestamp": "2026-04-27 21:06:28,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4261
          },
          {
            "timestamp": "2026-04-27 21:06:28,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4262
          },
          {
            "timestamp": "2026-04-27 21:06:28,307",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4263
          },
          {
            "timestamp": "2026-04-27 21:06:28,307",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4264
          },
          {
            "timestamp": "2026-04-27 21:06:28,307",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4265
          },
          {
            "timestamp": "2026-04-27 21:06:28,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4266
          },
          {
            "timestamp": "2026-04-27 21:06:28,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4267
          },
          {
            "timestamp": "2026-04-27 21:06:28,369",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4268
          },
          {
            "timestamp": "2026-04-27 21:06:28,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4269
          },
          {
            "timestamp": "2026-04-27 21:06:28,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4270
          },
          {
            "timestamp": "2026-04-27 21:06:28,432",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4271
          },
          {
            "timestamp": "2026-04-27 21:06:28,478",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4272
          },
          {
            "timestamp": "2026-04-27 21:06:28,478",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4273
          },
          {
            "timestamp": "2026-04-27 21:06:28,494",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 4274
          },
          {
            "timestamp": "2026-04-27 21:06:28,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4275
          },
          {
            "timestamp": "2026-04-27 21:06:28,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4276
          },
          {
            "timestamp": "2026-04-27 21:06:28,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4277
          },
          {
            "timestamp": "2026-04-27 21:06:28,494",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4278
          },
          {
            "timestamp": "2026-04-27 21:06:28,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4279
          },
          {
            "timestamp": "2026-04-27 21:06:28,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4280
          },
          {
            "timestamp": "2026-04-27 21:06:28,557",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4281
          },
          {
            "timestamp": "2026-04-27 21:06:28,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4282
          },
          {
            "timestamp": "2026-04-27 21:06:28,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4283
          },
          {
            "timestamp": "2026-04-27 21:06:28,619",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 4284
          },
          {
            "timestamp": "2026-04-27 21:06:28,682",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4285
          },
          {
            "timestamp": "2026-04-27 21:06:28,682",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4286
          },
          {
            "timestamp": "2026-04-27 21:06:28,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4287
          },
          {
            "timestamp": "2026-04-27 21:06:28,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4288
          },
          {
            "timestamp": "2026-04-27 21:06:28,744",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4289
          },
          {
            "timestamp": "2026-04-27 21:06:28,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4290
          },
          {
            "timestamp": "2026-04-27 21:06:28,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4291
          },
          {
            "timestamp": "2026-04-27 21:06:28,807",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4292
          },
          {
            "timestamp": "2026-04-27 21:06:28,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4293
          },
          {
            "timestamp": "2026-04-27 21:06:28,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4294
          },
          {
            "timestamp": "2026-04-27 21:06:28,869",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 4295
          },
          {
            "timestamp": "2026-04-27 21:06:28,994",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4296
          },
          {
            "timestamp": "2026-04-27 21:06:28,994",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4297
          },
          {
            "timestamp": "2026-04-27 21:06:28,994",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4298
          },
          {
            "timestamp": "2026-04-27 21:06:28,994",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4299
          },
          {
            "timestamp": "2026-04-27 21:06:28,994",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4300
          },
          {
            "timestamp": "2026-04-27 21:06:29,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4301
          },
          {
            "timestamp": "2026-04-27 21:06:29,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4302
          },
          {
            "timestamp": "2026-04-27 21:06:29,057",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4303
          },
          {
            "timestamp": "2026-04-27 21:06:29,119",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4304
          },
          {
            "timestamp": "2026-04-27 21:06:29,119",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4305
          },
          {
            "timestamp": "2026-04-27 21:06:29,119",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4306
          },
          {
            "timestamp": "2026-04-27 21:06:29,182",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4307
          },
          {
            "timestamp": "2026-04-27 21:06:29,182",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4308
          },
          {
            "timestamp": "2026-04-27 21:06:29,182",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4309
          },
          {
            "timestamp": "2026-04-27 21:06:29,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4310
          },
          {
            "timestamp": "2026-04-27 21:06:29,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4311
          },
          {
            "timestamp": "2026-04-27 21:06:29,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4312
          },
          {
            "timestamp": "2026-04-27 21:06:29,307",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4313
          },
          {
            "timestamp": "2026-04-27 21:06:29,307",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4314
          },
          {
            "timestamp": "2026-04-27 21:06:29,307",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4315
          },
          {
            "timestamp": "2026-04-27 21:06:29,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4316
          },
          {
            "timestamp": "2026-04-27 21:06:29,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4317
          },
          {
            "timestamp": "2026-04-27 21:06:29,369",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4318
          },
          {
            "timestamp": "2026-04-27 21:06:29,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4319
          },
          {
            "timestamp": "2026-04-27 21:06:29,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4320
          },
          {
            "timestamp": "2026-04-27 21:06:29,432",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4321
          },
          {
            "timestamp": "2026-04-27 21:06:29,494",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 4322
          },
          {
            "timestamp": "2026-04-27 21:06:29,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4323
          },
          {
            "timestamp": "2026-04-27 21:06:29,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4324
          },
          {
            "timestamp": "2026-04-27 21:06:29,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4325
          },
          {
            "timestamp": "2026-04-27 21:06:29,494",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4326
          },
          {
            "timestamp": "2026-04-27 21:06:29,510",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4327
          },
          {
            "timestamp": "2026-04-27 21:06:29,510",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4328
          },
          {
            "timestamp": "2026-04-27 21:06:29,541",
            "thread_id": "2068",
            "caller": "0x0864bfc4",
            "parentcaller": "0x0864beb7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06f8d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4329
          },
          {
            "timestamp": "2026-04-27 21:06:29,541",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4330
          },
          {
            "timestamp": "2026-04-27 21:06:29,541",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4331
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4332
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4333
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4334
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "6988",
            "caller": "0x710a0830",
            "parentcaller": "0x71093611",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1616"
              }
            ],
            "repeated": 0,
            "id": 4335
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "7312",
            "caller": "0x077f18e0",
            "parentcaller": "0x0864c324",
            "category": "network",
            "api": "DnsQuery_A",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "nnzn.sa.com"
              },
              {
                "name": "Type",
                "value": "1"
              },
              {
                "name": "Options",
                "value": "0x00000048"
              }
            ],
            "repeated": 0,
            "id": 4336
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "7312",
            "caller": "0x077f1998",
            "parentcaller": "0x0864d998",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000650",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1616"
              }
            ],
            "repeated": 0,
            "id": 4337
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "7312",
            "caller": "0x077f0a53",
            "parentcaller": "0x0864c650",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1616"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4338
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "7312",
            "caller": "0x077f2a15",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1616"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4339
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "7312",
            "caller": "0x0864da34",
            "parentcaller": "0x0864c650",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000650"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xcc\\x04\\x00\\x00\\x9a\\xda\\xa9s"
              }
            ],
            "repeated": 0,
            "id": 4340
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "7312",
            "caller": "0x0292acfb",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1616"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "172.67.140.186"
              },
              {
                "name": "port",
                "value": "443"
              }
            ],
            "repeated": 0,
            "id": 4341
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 4342
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "2068",
            "caller": "0x737e55cd",
            "parentcaller": "0x7380b77c",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4343
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "6988",
            "caller": "0x7726269a",
            "parentcaller": "0x7108b4f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 4344
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4345
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4346
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "3892",
            "caller": "0x077f2bf3",
            "parentcaller": "0x00000000",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1616"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00007010"
              },
              {
                "name": "optval",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4347
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "3892",
            "caller": "0x0864e067",
            "parentcaller": "0x0864dfda",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4348
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "3892",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0cc",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 4349
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "3892",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0df",
            "category": "misc",
            "api": "GetUserNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Name",
                "value": "cape"
              }
            ],
            "repeated": 0,
            "id": 4350
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "3892",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "72"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4351
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "3892",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3"
              },
              {
                "name": "Length",
                "value": "16"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4352
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "3892",
            "caller": "0x077f2dec",
            "parentcaller": "0x0864ed7a",
            "category": "network",
            "api": "WSASend",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Socket",
                "value": "1616"
              },
              {
                "name": "Buffer",
                "value": "@\\x00\\x00\\x00m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c"
              }
            ],
            "repeated": 0,
            "id": 4353
          },
          {
            "timestamp": "2026-04-27 21:06:29,557",
            "thread_id": "3892",
            "caller": "0x077f2ee0",
            "parentcaller": "0x0864edcf",
            "category": "network",
            "api": "WSARecv",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1616"
              }
            ],
            "repeated": 0,
            "id": 4354
          },
          {
            "timestamp": "2026-04-27 21:06:29,572",
            "thread_id": "1796",
            "caller": "0x0290a7be",
            "parentcaller": "0x0864f1bd",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1616"
              }
            ],
            "repeated": 0,
            "id": 4355
          },
          {
            "timestamp": "2026-04-27 21:06:29,572",
            "thread_id": "1796",
            "caller": "0x0290bbbb",
            "parentcaller": "0x051ed61d",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00030190"
              },
              {
                "name": "Message",
                "value": "0x0000c1b0"
              }
            ],
            "repeated": 0,
            "id": 4356
          },
          {
            "timestamp": "2026-04-27 21:06:29,572",
            "thread_id": "1796",
            "caller": "0x0290b109",
            "parentcaller": "0x051ed61d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003c4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\x8d\\x00\\xf8\\x19\\x00\\x00,\\x1a\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6700"
              }
            ],
            "repeated": 0,
            "id": 4357
          },
          {
            "timestamp": "2026-04-27 21:06:29,572",
            "thread_id": "2068",
            "caller": "0x0864f6d8",
            "parentcaller": "0x0864f6ae",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 4358
          },
          {
            "timestamp": "2026-04-27 21:06:29,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4359
          },
          {
            "timestamp": "2026-04-27 21:06:29,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4360
          },
          {
            "timestamp": "2026-04-27 21:06:29,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4361
          },
          {
            "timestamp": "2026-04-27 21:06:29,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4362
          },
          {
            "timestamp": "2026-04-27 21:06:29,619",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4363
          },
          {
            "timestamp": "2026-04-27 21:06:29,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4364
          },
          {
            "timestamp": "2026-04-27 21:06:29,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4365
          },
          {
            "timestamp": "2026-04-27 21:06:29,697",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 4366
          },
          {
            "timestamp": "2026-04-27 21:06:29,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4367
          },
          {
            "timestamp": "2026-04-27 21:06:29,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4368
          },
          {
            "timestamp": "2026-04-27 21:06:29,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4369
          },
          {
            "timestamp": "2026-04-27 21:06:29,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4370
          },
          {
            "timestamp": "2026-04-27 21:06:29,822",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4371
          },
          {
            "timestamp": "2026-04-27 21:06:29,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4372
          },
          {
            "timestamp": "2026-04-27 21:06:29,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4373
          },
          {
            "timestamp": "2026-04-27 21:06:29,885",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4374
          },
          {
            "timestamp": "2026-04-27 21:06:29,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4375
          },
          {
            "timestamp": "2026-04-27 21:06:29,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4376
          },
          {
            "timestamp": "2026-04-27 21:06:29,947",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4377
          },
          {
            "timestamp": "2026-04-27 21:06:30,010",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4378
          },
          {
            "timestamp": "2026-04-27 21:06:30,010",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4379
          },
          {
            "timestamp": "2026-04-27 21:06:30,010",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4380
          },
          {
            "timestamp": "2026-04-27 21:06:30,025",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4381
          },
          {
            "timestamp": "2026-04-27 21:06:30,025",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4382
          },
          {
            "timestamp": "2026-04-27 21:06:30,072",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4383
          },
          {
            "timestamp": "2026-04-27 21:06:30,072",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4384
          },
          {
            "timestamp": "2026-04-27 21:06:30,072",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4385
          },
          {
            "timestamp": "2026-04-27 21:06:30,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4386
          },
          {
            "timestamp": "2026-04-27 21:06:30,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4387
          },
          {
            "timestamp": "2026-04-27 21:06:30,135",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4388
          },
          {
            "timestamp": "2026-04-27 21:06:30,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4389
          },
          {
            "timestamp": "2026-04-27 21:06:30,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4390
          },
          {
            "timestamp": "2026-04-27 21:06:30,197",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4391
          },
          {
            "timestamp": "2026-04-27 21:06:30,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4392
          },
          {
            "timestamp": "2026-04-27 21:06:30,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4393
          },
          {
            "timestamp": "2026-04-27 21:06:30,260",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4394
          },
          {
            "timestamp": "2026-04-27 21:06:30,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4395
          },
          {
            "timestamp": "2026-04-27 21:06:30,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4396
          },
          {
            "timestamp": "2026-04-27 21:06:30,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 4397
          },
          {
            "timestamp": "2026-04-27 21:06:30,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4398
          },
          {
            "timestamp": "2026-04-27 21:06:30,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4399
          },
          {
            "timestamp": "2026-04-27 21:06:30,525",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4400
          },
          {
            "timestamp": "2026-04-27 21:06:30,525",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 4401
          },
          {
            "timestamp": "2026-04-27 21:06:30,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4402
          },
          {
            "timestamp": "2026-04-27 21:06:30,588",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4403
          },
          {
            "timestamp": "2026-04-27 21:06:30,588",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4404
          },
          {
            "timestamp": "2026-04-27 21:06:30,588",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4405
          },
          {
            "timestamp": "2026-04-27 21:06:30,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4406
          },
          {
            "timestamp": "2026-04-27 21:06:30,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4407
          },
          {
            "timestamp": "2026-04-27 21:06:30,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4408
          },
          {
            "timestamp": "2026-04-27 21:06:30,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4409
          },
          {
            "timestamp": "2026-04-27 21:06:30,650",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 4410
          },
          {
            "timestamp": "2026-04-27 21:06:30,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4411
          },
          {
            "timestamp": "2026-04-27 21:06:30,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4412
          },
          {
            "timestamp": "2026-04-27 21:06:30,838",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4413
          },
          {
            "timestamp": "2026-04-27 21:06:30,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4414
          },
          {
            "timestamp": "2026-04-27 21:06:30,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4415
          },
          {
            "timestamp": "2026-04-27 21:06:30,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4416
          },
          {
            "timestamp": "2026-04-27 21:06:30,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4417
          },
          {
            "timestamp": "2026-04-27 21:06:30,916",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4418
          },
          {
            "timestamp": "2026-04-27 21:06:30,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4419
          },
          {
            "timestamp": "2026-04-27 21:06:30,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4420
          },
          {
            "timestamp": "2026-04-27 21:06:30,978",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4421
          },
          {
            "timestamp": "2026-04-27 21:06:31,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4422
          },
          {
            "timestamp": "2026-04-27 21:06:31,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4423
          },
          {
            "timestamp": "2026-04-27 21:06:31,088",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4424
          },
          {
            "timestamp": "2026-04-27 21:06:31,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4425
          },
          {
            "timestamp": "2026-04-27 21:06:31,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4426
          },
          {
            "timestamp": "2026-04-27 21:06:31,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4427
          },
          {
            "timestamp": "2026-04-27 21:06:31,166",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4428
          },
          {
            "timestamp": "2026-04-27 21:06:31,166",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4429
          },
          {
            "timestamp": "2026-04-27 21:06:31,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4430
          },
          {
            "timestamp": "2026-04-27 21:06:31,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4431
          },
          {
            "timestamp": "2026-04-27 21:06:31,213",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4432
          },
          {
            "timestamp": "2026-04-27 21:06:31,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4433
          },
          {
            "timestamp": "2026-04-27 21:06:31,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4434
          },
          {
            "timestamp": "2026-04-27 21:06:31,275",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4435
          },
          {
            "timestamp": "2026-04-27 21:06:31,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4436
          },
          {
            "timestamp": "2026-04-27 21:06:31,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4437
          },
          {
            "timestamp": "2026-04-27 21:06:31,338",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4438
          },
          {
            "timestamp": "2026-04-27 21:06:31,400",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4439
          },
          {
            "timestamp": "2026-04-27 21:06:31,400",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4440
          },
          {
            "timestamp": "2026-04-27 21:06:31,400",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4441
          },
          {
            "timestamp": "2026-04-27 21:06:31,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4442
          },
          {
            "timestamp": "2026-04-27 21:06:31,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4443
          },
          {
            "timestamp": "2026-04-27 21:06:31,463",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4444
          },
          {
            "timestamp": "2026-04-27 21:06:31,525",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 4445
          },
          {
            "timestamp": "2026-04-27 21:06:31,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4446
          },
          {
            "timestamp": "2026-04-27 21:06:31,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4447
          },
          {
            "timestamp": "2026-04-27 21:06:31,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4448
          },
          {
            "timestamp": "2026-04-27 21:06:31,525",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4449
          },
          {
            "timestamp": "2026-04-27 21:06:31,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4450
          },
          {
            "timestamp": "2026-04-27 21:06:31,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4451
          },
          {
            "timestamp": "2026-04-27 21:06:31,588",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4452
          },
          {
            "timestamp": "2026-04-27 21:06:31,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4453
          },
          {
            "timestamp": "2026-04-27 21:06:31,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4454
          },
          {
            "timestamp": "2026-04-27 21:06:31,650",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4455
          },
          {
            "timestamp": "2026-04-27 21:06:31,682",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4456
          },
          {
            "timestamp": "2026-04-27 21:06:31,682",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4457
          },
          {
            "timestamp": "2026-04-27 21:06:31,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4458
          },
          {
            "timestamp": "2026-04-27 21:06:31,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4459
          },
          {
            "timestamp": "2026-04-27 21:06:31,713",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4460
          },
          {
            "timestamp": "2026-04-27 21:06:31,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4461
          },
          {
            "timestamp": "2026-04-27 21:06:31,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4462
          },
          {
            "timestamp": "2026-04-27 21:06:31,775",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4463
          },
          {
            "timestamp": "2026-04-27 21:06:31,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4464
          },
          {
            "timestamp": "2026-04-27 21:06:31,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4465
          },
          {
            "timestamp": "2026-04-27 21:06:31,838",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4466
          },
          {
            "timestamp": "2026-04-27 21:06:31,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4467
          },
          {
            "timestamp": "2026-04-27 21:06:31,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4468
          },
          {
            "timestamp": "2026-04-27 21:06:31,900",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4469
          },
          {
            "timestamp": "2026-04-27 21:06:31,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4470
          },
          {
            "timestamp": "2026-04-27 21:06:31,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4471
          },
          {
            "timestamp": "2026-04-27 21:06:31,963",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4472
          },
          {
            "timestamp": "2026-04-27 21:06:32,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4473
          },
          {
            "timestamp": "2026-04-27 21:06:32,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4474
          },
          {
            "timestamp": "2026-04-27 21:06:32,025",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4475
          },
          {
            "timestamp": "2026-04-27 21:06:32,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4476
          },
          {
            "timestamp": "2026-04-27 21:06:32,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4477
          },
          {
            "timestamp": "2026-04-27 21:06:32,088",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4478
          },
          {
            "timestamp": "2026-04-27 21:06:32,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4479
          },
          {
            "timestamp": "2026-04-27 21:06:32,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4480
          },
          {
            "timestamp": "2026-04-27 21:06:32,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4481
          },
          {
            "timestamp": "2026-04-27 21:06:32,197",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4482
          },
          {
            "timestamp": "2026-04-27 21:06:32,197",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4483
          },
          {
            "timestamp": "2026-04-27 21:06:32,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4484
          },
          {
            "timestamp": "2026-04-27 21:06:32,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4485
          },
          {
            "timestamp": "2026-04-27 21:06:32,213",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4486
          },
          {
            "timestamp": "2026-04-27 21:06:32,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4487
          },
          {
            "timestamp": "2026-04-27 21:06:32,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4488
          },
          {
            "timestamp": "2026-04-27 21:06:32,275",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4489
          },
          {
            "timestamp": "2026-04-27 21:06:32,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4490
          },
          {
            "timestamp": "2026-04-27 21:06:32,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4491
          },
          {
            "timestamp": "2026-04-27 21:06:32,338",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4492
          },
          {
            "timestamp": "2026-04-27 21:06:32,400",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4493
          },
          {
            "timestamp": "2026-04-27 21:06:32,400",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4494
          },
          {
            "timestamp": "2026-04-27 21:06:32,400",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4495
          },
          {
            "timestamp": "2026-04-27 21:06:32,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4496
          },
          {
            "timestamp": "2026-04-27 21:06:32,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4497
          },
          {
            "timestamp": "2026-04-27 21:06:32,463",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4498
          },
          {
            "timestamp": "2026-04-27 21:06:32,525",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 4499
          },
          {
            "timestamp": "2026-04-27 21:06:32,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4500
          },
          {
            "timestamp": "2026-04-27 21:06:32,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4501
          },
          {
            "timestamp": "2026-04-27 21:06:32,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4502
          },
          {
            "timestamp": "2026-04-27 21:06:32,525",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4503
          },
          {
            "timestamp": "2026-04-27 21:06:32,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4504
          },
          {
            "timestamp": "2026-04-27 21:06:32,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4505
          },
          {
            "timestamp": "2026-04-27 21:06:32,588",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4506
          },
          {
            "timestamp": "2026-04-27 21:06:32,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4507
          },
          {
            "timestamp": "2026-04-27 21:06:32,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4508
          },
          {
            "timestamp": "2026-04-27 21:06:32,650",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4509
          },
          {
            "timestamp": "2026-04-27 21:06:32,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4510
          },
          {
            "timestamp": "2026-04-27 21:06:32,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4511
          },
          {
            "timestamp": "2026-04-27 21:06:32,713",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4512
          },
          {
            "timestamp": "2026-04-27 21:06:32,713",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4513
          },
          {
            "timestamp": "2026-04-27 21:06:32,713",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4514
          },
          {
            "timestamp": "2026-04-27 21:06:32,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4515
          },
          {
            "timestamp": "2026-04-27 21:06:32,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4516
          },
          {
            "timestamp": "2026-04-27 21:06:32,791",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4517
          },
          {
            "timestamp": "2026-04-27 21:06:32,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4518
          },
          {
            "timestamp": "2026-04-27 21:06:32,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4519
          },
          {
            "timestamp": "2026-04-27 21:06:32,853",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4520
          },
          {
            "timestamp": "2026-04-27 21:06:32,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4521
          },
          {
            "timestamp": "2026-04-27 21:06:32,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4522
          },
          {
            "timestamp": "2026-04-27 21:06:32,916",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4523
          },
          {
            "timestamp": "2026-04-27 21:06:32,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4524
          },
          {
            "timestamp": "2026-04-27 21:06:32,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4525
          },
          {
            "timestamp": "2026-04-27 21:06:32,978",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4526
          },
          {
            "timestamp": "2026-04-27 21:06:33,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4527
          },
          {
            "timestamp": "2026-04-27 21:06:33,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4528
          },
          {
            "timestamp": "2026-04-27 21:06:33,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4529
          },
          {
            "timestamp": "2026-04-27 21:06:33,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4530
          },
          {
            "timestamp": "2026-04-27 21:06:33,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4531
          },
          {
            "timestamp": "2026-04-27 21:06:33,103",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4532
          },
          {
            "timestamp": "2026-04-27 21:06:33,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4533
          },
          {
            "timestamp": "2026-04-27 21:06:33,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4534
          },
          {
            "timestamp": "2026-04-27 21:06:33,166",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4535
          },
          {
            "timestamp": "2026-04-27 21:06:33,228",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4536
          },
          {
            "timestamp": "2026-04-27 21:06:33,228",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4537
          },
          {
            "timestamp": "2026-04-27 21:06:33,228",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4538
          },
          {
            "timestamp": "2026-04-27 21:06:33,228",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4539
          },
          {
            "timestamp": "2026-04-27 21:06:33,228",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4540
          },
          {
            "timestamp": "2026-04-27 21:06:33,291",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4541
          },
          {
            "timestamp": "2026-04-27 21:06:33,291",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4542
          },
          {
            "timestamp": "2026-04-27 21:06:33,291",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4543
          },
          {
            "timestamp": "2026-04-27 21:06:33,353",
            "thread_id": "7312",
            "caller": "0x051eb1f3",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05762000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4544
          },
          {
            "timestamp": "2026-04-27 21:06:33,353",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4545
          },
          {
            "timestamp": "2026-04-27 21:06:33,353",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4546
          },
          {
            "timestamp": "2026-04-27 21:06:33,353",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4547
          },
          {
            "timestamp": "2026-04-27 21:06:33,416",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4548
          },
          {
            "timestamp": "2026-04-27 21:06:33,416",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4549
          },
          {
            "timestamp": "2026-04-27 21:06:33,416",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4550
          },
          {
            "timestamp": "2026-04-27 21:06:33,478",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4551
          },
          {
            "timestamp": "2026-04-27 21:06:33,478",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4552
          },
          {
            "timestamp": "2026-04-27 21:06:33,478",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "47"
              }
            ],
            "repeated": 0,
            "id": 4553
          },
          {
            "timestamp": "2026-04-27 21:06:33,541",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 4554
          },
          {
            "timestamp": "2026-04-27 21:06:33,541",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4555
          },
          {
            "timestamp": "2026-04-27 21:06:33,541",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4556
          },
          {
            "timestamp": "2026-04-27 21:06:33,541",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4557
          },
          {
            "timestamp": "2026-04-27 21:06:33,541",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4558
          },
          {
            "timestamp": "2026-04-27 21:06:33,588",
            "thread_id": "2068",
            "caller": "0x0864bfc4",
            "parentcaller": "0x0864beb7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06fad000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4559
          },
          {
            "timestamp": "2026-04-27 21:06:33,588",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4560
          },
          {
            "timestamp": "2026-04-27 21:06:33,588",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4561
          },
          {
            "timestamp": "2026-04-27 21:06:33,603",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4562
          },
          {
            "timestamp": "2026-04-27 21:06:33,603",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4563
          },
          {
            "timestamp": "2026-04-27 21:06:33,603",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4564
          },
          {
            "timestamp": "2026-04-27 21:06:33,666",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4565
          },
          {
            "timestamp": "2026-04-27 21:06:33,666",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4566
          },
          {
            "timestamp": "2026-04-27 21:06:33,666",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4567
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "6988",
            "caller": "0x710a0830",
            "parentcaller": "0x71093611",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1132"
              }
            ],
            "repeated": 0,
            "id": 4568
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "7312",
            "caller": "0x077f18e0",
            "parentcaller": "0x0864c324",
            "category": "network",
            "api": "DnsQuery_A",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "nnzn.sa.com"
              },
              {
                "name": "Type",
                "value": "1"
              },
              {
                "name": "Options",
                "value": "0x00000048"
              }
            ],
            "repeated": 0,
            "id": 4569
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "7312",
            "caller": "0x077f1998",
            "parentcaller": "0x0864d998",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000658",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1624"
              }
            ],
            "repeated": 0,
            "id": 4570
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "7312",
            "caller": "0x077f0a53",
            "parentcaller": "0x0864c650",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1624"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4571
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "7312",
            "caller": "0x077f2a15",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1624"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4572
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "7312",
            "caller": "0x0864da34",
            "parentcaller": "0x0864c650",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000658"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xcc\\x04\\x00\\x00\\x9a\\xda\\xa9s"
              }
            ],
            "repeated": 0,
            "id": 4573
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "7312",
            "caller": "0x0292acfb",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1624"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "172.67.140.186"
              },
              {
                "name": "port",
                "value": "443"
              }
            ],
            "repeated": 0,
            "id": 4574
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 4575
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "2068",
            "caller": "0x737e55cd",
            "parentcaller": "0x7380b77c",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4576
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "6988",
            "caller": "0x7726269a",
            "parentcaller": "0x7108b4f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 4577
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4578
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4579
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "1796",
            "caller": "0x077f2bf3",
            "parentcaller": "0x00000000",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1624"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00007010"
              },
              {
                "name": "optval",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4580
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "1796",
            "caller": "0x0864e067",
            "parentcaller": "0x0864dfda",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4581
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0cc",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 4582
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0df",
            "category": "misc",
            "api": "GetUserNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Name",
                "value": "cape"
              }
            ],
            "repeated": 0,
            "id": 4583
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "72"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4584
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3"
              },
              {
                "name": "Length",
                "value": "16"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4585
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "1796",
            "caller": "0x077f2dec",
            "parentcaller": "0x0864ed7a",
            "category": "network",
            "api": "WSASend",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Socket",
                "value": "1624"
              },
              {
                "name": "Buffer",
                "value": "@\\x00\\x00\\x00m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c"
              }
            ],
            "repeated": 0,
            "id": 4586
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "1796",
            "caller": "0x077f2ee0",
            "parentcaller": "0x0864edcf",
            "category": "network",
            "api": "WSARecv",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1624"
              }
            ],
            "repeated": 0,
            "id": 4587
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "3892",
            "caller": "0x0290a7be",
            "parentcaller": "0x0864f1bd",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1624"
              }
            ],
            "repeated": 0,
            "id": 4588
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "3892",
            "caller": "0x0290bbbb",
            "parentcaller": "0x051ed61d",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00030190"
              },
              {
                "name": "Message",
                "value": "0x0000c1b0"
              }
            ],
            "repeated": 0,
            "id": 4589
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "3892",
            "caller": "0x0290b109",
            "parentcaller": "0x051ed61d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003c4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\x8d\\x00\\xf8\\x19\\x00\\x00,\\x1a\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6700"
              }
            ],
            "repeated": 0,
            "id": 4590
          },
          {
            "timestamp": "2026-04-27 21:06:33,682",
            "thread_id": "2068",
            "caller": "0x0864f6d8",
            "parentcaller": "0x0864f6ae",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 4591
          },
          {
            "timestamp": "2026-04-27 21:06:33,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4592
          },
          {
            "timestamp": "2026-04-27 21:06:33,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4593
          },
          {
            "timestamp": "2026-04-27 21:06:33,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4594
          },
          {
            "timestamp": "2026-04-27 21:06:33,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4595
          },
          {
            "timestamp": "2026-04-27 21:06:33,728",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4596
          },
          {
            "timestamp": "2026-04-27 21:06:33,744",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4597
          },
          {
            "timestamp": "2026-04-27 21:06:33,744",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4598
          },
          {
            "timestamp": "2026-04-27 21:06:33,791",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4599
          },
          {
            "timestamp": "2026-04-27 21:06:33,791",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4600
          },
          {
            "timestamp": "2026-04-27 21:06:33,791",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4601
          },
          {
            "timestamp": "2026-04-27 21:06:33,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4602
          },
          {
            "timestamp": "2026-04-27 21:06:33,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4603
          },
          {
            "timestamp": "2026-04-27 21:06:33,853",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4604
          },
          {
            "timestamp": "2026-04-27 21:06:33,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4605
          },
          {
            "timestamp": "2026-04-27 21:06:33,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4606
          },
          {
            "timestamp": "2026-04-27 21:06:33,916",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4607
          },
          {
            "timestamp": "2026-04-27 21:06:33,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4608
          },
          {
            "timestamp": "2026-04-27 21:06:33,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4609
          },
          {
            "timestamp": "2026-04-27 21:06:33,978",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4610
          },
          {
            "timestamp": "2026-04-27 21:06:34,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4611
          },
          {
            "timestamp": "2026-04-27 21:06:34,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4612
          },
          {
            "timestamp": "2026-04-27 21:06:34,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4613
          },
          {
            "timestamp": "2026-04-27 21:06:34,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4614
          },
          {
            "timestamp": "2026-04-27 21:06:34,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4615
          },
          {
            "timestamp": "2026-04-27 21:06:34,103",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4616
          },
          {
            "timestamp": "2026-04-27 21:06:34,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4617
          },
          {
            "timestamp": "2026-04-27 21:06:34,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4618
          },
          {
            "timestamp": "2026-04-27 21:06:34,166",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4619
          },
          {
            "timestamp": "2026-04-27 21:06:34,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4620
          },
          {
            "timestamp": "2026-04-27 21:06:34,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4621
          },
          {
            "timestamp": "2026-04-27 21:06:34,260",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4622
          },
          {
            "timestamp": "2026-04-27 21:06:34,260",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4623
          },
          {
            "timestamp": "2026-04-27 21:06:34,260",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4624
          },
          {
            "timestamp": "2026-04-27 21:06:34,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4625
          },
          {
            "timestamp": "2026-04-27 21:06:34,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4626
          },
          {
            "timestamp": "2026-04-27 21:06:34,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4627
          },
          {
            "timestamp": "2026-04-27 21:06:34,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4628
          },
          {
            "timestamp": "2026-04-27 21:06:34,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4629
          },
          {
            "timestamp": "2026-04-27 21:06:34,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4630
          },
          {
            "timestamp": "2026-04-27 21:06:34,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4631
          },
          {
            "timestamp": "2026-04-27 21:06:34,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4632
          },
          {
            "timestamp": "2026-04-27 21:06:34,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4633
          },
          {
            "timestamp": "2026-04-27 21:06:34,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4634
          },
          {
            "timestamp": "2026-04-27 21:06:34,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4635
          },
          {
            "timestamp": "2026-04-27 21:06:34,510",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "31"
              }
            ],
            "repeated": 0,
            "id": 4636
          },
          {
            "timestamp": "2026-04-27 21:06:34,557",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 4637
          },
          {
            "timestamp": "2026-04-27 21:06:34,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4638
          },
          {
            "timestamp": "2026-04-27 21:06:34,557",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4639
          },
          {
            "timestamp": "2026-04-27 21:06:34,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4640
          },
          {
            "timestamp": "2026-04-27 21:06:34,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4641
          },
          {
            "timestamp": "2026-04-27 21:06:34,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4642
          },
          {
            "timestamp": "2026-04-27 21:06:34,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4643
          },
          {
            "timestamp": "2026-04-27 21:06:34,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4644
          },
          {
            "timestamp": "2026-04-27 21:06:34,635",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4645
          },
          {
            "timestamp": "2026-04-27 21:06:34,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4646
          },
          {
            "timestamp": "2026-04-27 21:06:34,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4647
          },
          {
            "timestamp": "2026-04-27 21:06:34,697",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4648
          },
          {
            "timestamp": "2026-04-27 21:06:34,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4649
          },
          {
            "timestamp": "2026-04-27 21:06:34,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4650
          },
          {
            "timestamp": "2026-04-27 21:06:34,760",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4651
          },
          {
            "timestamp": "2026-04-27 21:06:34,775",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4652
          },
          {
            "timestamp": "2026-04-27 21:06:34,775",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4653
          },
          {
            "timestamp": "2026-04-27 21:06:34,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4654
          },
          {
            "timestamp": "2026-04-27 21:06:34,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4655
          },
          {
            "timestamp": "2026-04-27 21:06:34,822",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4656
          },
          {
            "timestamp": "2026-04-27 21:06:34,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4657
          },
          {
            "timestamp": "2026-04-27 21:06:34,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4658
          },
          {
            "timestamp": "2026-04-27 21:06:34,885",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4659
          },
          {
            "timestamp": "2026-04-27 21:06:34,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4660
          },
          {
            "timestamp": "2026-04-27 21:06:34,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4661
          },
          {
            "timestamp": "2026-04-27 21:06:34,947",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4662
          },
          {
            "timestamp": "2026-04-27 21:06:35,010",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4663
          },
          {
            "timestamp": "2026-04-27 21:06:35,010",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4664
          },
          {
            "timestamp": "2026-04-27 21:06:35,010",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4665
          },
          {
            "timestamp": "2026-04-27 21:06:35,072",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4666
          },
          {
            "timestamp": "2026-04-27 21:06:35,072",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4667
          },
          {
            "timestamp": "2026-04-27 21:06:35,072",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4668
          },
          {
            "timestamp": "2026-04-27 21:06:35,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4669
          },
          {
            "timestamp": "2026-04-27 21:06:35,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4670
          },
          {
            "timestamp": "2026-04-27 21:06:35,135",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4671
          },
          {
            "timestamp": "2026-04-27 21:06:35,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4672
          },
          {
            "timestamp": "2026-04-27 21:06:35,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4673
          },
          {
            "timestamp": "2026-04-27 21:06:35,197",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4674
          },
          {
            "timestamp": "2026-04-27 21:06:35,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4675
          },
          {
            "timestamp": "2026-04-27 21:06:35,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4676
          },
          {
            "timestamp": "2026-04-27 21:06:35,260",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4677
          },
          {
            "timestamp": "2026-04-27 21:06:35,291",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4678
          },
          {
            "timestamp": "2026-04-27 21:06:35,291",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4679
          },
          {
            "timestamp": "2026-04-27 21:06:35,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4680
          },
          {
            "timestamp": "2026-04-27 21:06:35,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4681
          },
          {
            "timestamp": "2026-04-27 21:06:35,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4682
          },
          {
            "timestamp": "2026-04-27 21:06:35,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4683
          },
          {
            "timestamp": "2026-04-27 21:06:35,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4684
          },
          {
            "timestamp": "2026-04-27 21:06:35,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4685
          },
          {
            "timestamp": "2026-04-27 21:06:35,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4686
          },
          {
            "timestamp": "2026-04-27 21:06:35,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4687
          },
          {
            "timestamp": "2026-04-27 21:06:35,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4688
          },
          {
            "timestamp": "2026-04-27 21:06:35,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4689
          },
          {
            "timestamp": "2026-04-27 21:06:35,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4690
          },
          {
            "timestamp": "2026-04-27 21:06:35,510",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "47"
              }
            ],
            "repeated": 0,
            "id": 4691
          },
          {
            "timestamp": "2026-04-27 21:06:35,572",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 4692
          },
          {
            "timestamp": "2026-04-27 21:06:35,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4693
          },
          {
            "timestamp": "2026-04-27 21:06:35,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4694
          },
          {
            "timestamp": "2026-04-27 21:06:35,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4695
          },
          {
            "timestamp": "2026-04-27 21:06:35,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4696
          },
          {
            "timestamp": "2026-04-27 21:06:35,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4697
          },
          {
            "timestamp": "2026-04-27 21:06:35,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4698
          },
          {
            "timestamp": "2026-04-27 21:06:35,635",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4699
          },
          {
            "timestamp": "2026-04-27 21:06:35,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4700
          },
          {
            "timestamp": "2026-04-27 21:06:35,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4701
          },
          {
            "timestamp": "2026-04-27 21:06:35,697",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4702
          },
          {
            "timestamp": "2026-04-27 21:06:35,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4703
          },
          {
            "timestamp": "2026-04-27 21:06:35,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4704
          },
          {
            "timestamp": "2026-04-27 21:06:35,760",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4705
          },
          {
            "timestamp": "2026-04-27 21:06:35,807",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4706
          },
          {
            "timestamp": "2026-04-27 21:06:35,807",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4707
          },
          {
            "timestamp": "2026-04-27 21:06:35,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4708
          },
          {
            "timestamp": "2026-04-27 21:06:35,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4709
          },
          {
            "timestamp": "2026-04-27 21:06:35,822",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4710
          },
          {
            "timestamp": "2026-04-27 21:06:35,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4711
          },
          {
            "timestamp": "2026-04-27 21:06:35,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4712
          },
          {
            "timestamp": "2026-04-27 21:06:35,885",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4713
          },
          {
            "timestamp": "2026-04-27 21:06:35,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4714
          },
          {
            "timestamp": "2026-04-27 21:06:35,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4715
          },
          {
            "timestamp": "2026-04-27 21:06:35,947",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4716
          },
          {
            "timestamp": "2026-04-27 21:06:36,010",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4717
          },
          {
            "timestamp": "2026-04-27 21:06:36,010",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4718
          },
          {
            "timestamp": "2026-04-27 21:06:36,010",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4719
          },
          {
            "timestamp": "2026-04-27 21:06:36,072",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4720
          },
          {
            "timestamp": "2026-04-27 21:06:36,072",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4721
          },
          {
            "timestamp": "2026-04-27 21:06:36,072",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4722
          },
          {
            "timestamp": "2026-04-27 21:06:36,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4723
          },
          {
            "timestamp": "2026-04-27 21:06:36,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4724
          },
          {
            "timestamp": "2026-04-27 21:06:36,135",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4725
          },
          {
            "timestamp": "2026-04-27 21:06:36,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4726
          },
          {
            "timestamp": "2026-04-27 21:06:36,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4727
          },
          {
            "timestamp": "2026-04-27 21:06:36,197",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4728
          },
          {
            "timestamp": "2026-04-27 21:06:36,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4729
          },
          {
            "timestamp": "2026-04-27 21:06:36,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4730
          },
          {
            "timestamp": "2026-04-27 21:06:36,260",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4731
          },
          {
            "timestamp": "2026-04-27 21:06:36,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4732
          },
          {
            "timestamp": "2026-04-27 21:06:36,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4733
          },
          {
            "timestamp": "2026-04-27 21:06:36,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4734
          },
          {
            "timestamp": "2026-04-27 21:06:36,322",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4735
          },
          {
            "timestamp": "2026-04-27 21:06:36,322",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4736
          },
          {
            "timestamp": "2026-04-27 21:06:36,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4737
          },
          {
            "timestamp": "2026-04-27 21:06:36,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4738
          },
          {
            "timestamp": "2026-04-27 21:06:36,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4739
          },
          {
            "timestamp": "2026-04-27 21:06:36,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4740
          },
          {
            "timestamp": "2026-04-27 21:06:36,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4741
          },
          {
            "timestamp": "2026-04-27 21:06:36,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4742
          },
          {
            "timestamp": "2026-04-27 21:06:36,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4743
          },
          {
            "timestamp": "2026-04-27 21:06:36,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4744
          },
          {
            "timestamp": "2026-04-27 21:06:36,510",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4745
          },
          {
            "timestamp": "2026-04-27 21:06:36,572",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 4746
          },
          {
            "timestamp": "2026-04-27 21:06:36,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4747
          },
          {
            "timestamp": "2026-04-27 21:06:36,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4748
          },
          {
            "timestamp": "2026-04-27 21:06:36,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4749
          },
          {
            "timestamp": "2026-04-27 21:06:36,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4750
          },
          {
            "timestamp": "2026-04-27 21:06:36,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4751
          },
          {
            "timestamp": "2026-04-27 21:06:36,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4752
          },
          {
            "timestamp": "2026-04-27 21:06:36,635",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4753
          },
          {
            "timestamp": "2026-04-27 21:06:36,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4754
          },
          {
            "timestamp": "2026-04-27 21:06:36,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4755
          },
          {
            "timestamp": "2026-04-27 21:06:36,697",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4756
          },
          {
            "timestamp": "2026-04-27 21:06:36,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4757
          },
          {
            "timestamp": "2026-04-27 21:06:36,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4758
          },
          {
            "timestamp": "2026-04-27 21:06:36,760",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4759
          },
          {
            "timestamp": "2026-04-27 21:06:36,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4760
          },
          {
            "timestamp": "2026-04-27 21:06:36,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4761
          },
          {
            "timestamp": "2026-04-27 21:06:36,822",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4762
          },
          {
            "timestamp": "2026-04-27 21:06:36,838",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4763
          },
          {
            "timestamp": "2026-04-27 21:06:36,838",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4764
          },
          {
            "timestamp": "2026-04-27 21:06:36,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4765
          },
          {
            "timestamp": "2026-04-27 21:06:36,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4766
          },
          {
            "timestamp": "2026-04-27 21:06:36,885",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4767
          },
          {
            "timestamp": "2026-04-27 21:06:36,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4768
          },
          {
            "timestamp": "2026-04-27 21:06:36,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4769
          },
          {
            "timestamp": "2026-04-27 21:06:36,947",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4770
          },
          {
            "timestamp": "2026-04-27 21:06:37,010",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4771
          },
          {
            "timestamp": "2026-04-27 21:06:37,010",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4772
          },
          {
            "timestamp": "2026-04-27 21:06:37,010",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4773
          },
          {
            "timestamp": "2026-04-27 21:06:37,072",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4774
          },
          {
            "timestamp": "2026-04-27 21:06:37,072",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4775
          },
          {
            "timestamp": "2026-04-27 21:06:37,072",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4776
          },
          {
            "timestamp": "2026-04-27 21:06:37,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4777
          },
          {
            "timestamp": "2026-04-27 21:06:37,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4778
          },
          {
            "timestamp": "2026-04-27 21:06:37,135",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4779
          },
          {
            "timestamp": "2026-04-27 21:06:37,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4780
          },
          {
            "timestamp": "2026-04-27 21:06:37,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4781
          },
          {
            "timestamp": "2026-04-27 21:06:37,197",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4782
          },
          {
            "timestamp": "2026-04-27 21:06:37,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4783
          },
          {
            "timestamp": "2026-04-27 21:06:37,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4784
          },
          {
            "timestamp": "2026-04-27 21:06:37,260",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4785
          },
          {
            "timestamp": "2026-04-27 21:06:37,322",
            "thread_id": "7312",
            "caller": "0x051eb1f3",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05772000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4786
          },
          {
            "timestamp": "2026-04-27 21:06:37,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4787
          },
          {
            "timestamp": "2026-04-27 21:06:37,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4788
          },
          {
            "timestamp": "2026-04-27 21:06:37,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4789
          },
          {
            "timestamp": "2026-04-27 21:06:37,353",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4790
          },
          {
            "timestamp": "2026-04-27 21:06:37,353",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4791
          },
          {
            "timestamp": "2026-04-27 21:06:37,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4792
          },
          {
            "timestamp": "2026-04-27 21:06:37,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4793
          },
          {
            "timestamp": "2026-04-27 21:06:37,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4794
          },
          {
            "timestamp": "2026-04-27 21:06:37,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4795
          },
          {
            "timestamp": "2026-04-27 21:06:37,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4796
          },
          {
            "timestamp": "2026-04-27 21:06:37,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4797
          },
          {
            "timestamp": "2026-04-27 21:06:37,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4798
          },
          {
            "timestamp": "2026-04-27 21:06:37,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4799
          },
          {
            "timestamp": "2026-04-27 21:06:37,510",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4800
          },
          {
            "timestamp": "2026-04-27 21:06:37,572",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 4801
          },
          {
            "timestamp": "2026-04-27 21:06:37,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4802
          },
          {
            "timestamp": "2026-04-27 21:06:37,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4803
          },
          {
            "timestamp": "2026-04-27 21:06:37,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4804
          },
          {
            "timestamp": "2026-04-27 21:06:37,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4805
          },
          {
            "timestamp": "2026-04-27 21:06:37,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4806
          },
          {
            "timestamp": "2026-04-27 21:06:37,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4807
          },
          {
            "timestamp": "2026-04-27 21:06:37,635",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4808
          },
          {
            "timestamp": "2026-04-27 21:06:37,713",
            "thread_id": "2068",
            "caller": "0x0864bfc4",
            "parentcaller": "0x0864beb7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06fcd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4809
          },
          {
            "timestamp": "2026-04-27 21:06:37,713",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4810
          },
          {
            "timestamp": "2026-04-27 21:06:37,713",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4811
          },
          {
            "timestamp": "2026-04-27 21:06:37,713",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4812
          },
          {
            "timestamp": "2026-04-27 21:06:37,713",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4813
          },
          {
            "timestamp": "2026-04-27 21:06:37,713",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4814
          },
          {
            "timestamp": "2026-04-27 21:06:37,728",
            "thread_id": "6988",
            "caller": "0x710a0830",
            "parentcaller": "0x71093611",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1132"
              }
            ],
            "repeated": 0,
            "id": 4815
          },
          {
            "timestamp": "2026-04-27 21:06:37,728",
            "thread_id": "7312",
            "caller": "0x077f18e0",
            "parentcaller": "0x0864c324",
            "category": "network",
            "api": "DnsQuery_A",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "nnzn.sa.com"
              },
              {
                "name": "Type",
                "value": "1"
              },
              {
                "name": "Options",
                "value": "0x00000048"
              }
            ],
            "repeated": 0,
            "id": 4816
          },
          {
            "timestamp": "2026-04-27 21:06:37,728",
            "thread_id": "7312",
            "caller": "0x077f1998",
            "parentcaller": "0x0864d998",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x0000046c",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1132"
              }
            ],
            "repeated": 0,
            "id": 4817
          },
          {
            "timestamp": "2026-04-27 21:06:37,728",
            "thread_id": "7312",
            "caller": "0x077f0a53",
            "parentcaller": "0x0864c650",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1132"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4818
          },
          {
            "timestamp": "2026-04-27 21:06:37,728",
            "thread_id": "7312",
            "caller": "0x077f2a15",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1132"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4819
          },
          {
            "timestamp": "2026-04-27 21:06:37,728",
            "thread_id": "7312",
            "caller": "0x0864da34",
            "parentcaller": "0x0864c650",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000046c"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xcc\\x04\\x00\\x00\\x9a\\xda\\xa9s"
              }
            ],
            "repeated": 0,
            "id": 4820
          },
          {
            "timestamp": "2026-04-27 21:06:37,728",
            "thread_id": "7312",
            "caller": "0x0292acfb",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1132"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "104.21.33.27"
              },
              {
                "name": "port",
                "value": "443"
              }
            ],
            "repeated": 0,
            "id": 4821
          },
          {
            "timestamp": "2026-04-27 21:06:37,728",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 4822
          },
          {
            "timestamp": "2026-04-27 21:06:37,728",
            "thread_id": "2068",
            "caller": "0x737e55cd",
            "parentcaller": "0x7380b77c",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4823
          },
          {
            "timestamp": "2026-04-27 21:06:37,728",
            "thread_id": "6988",
            "caller": "0x7726269a",
            "parentcaller": "0x7108b4f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 4824
          },
          {
            "timestamp": "2026-04-27 21:06:37,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4825
          },
          {
            "timestamp": "2026-04-27 21:06:37,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4826
          },
          {
            "timestamp": "2026-04-27 21:06:37,728",
            "thread_id": "3892",
            "caller": "0x077f2bf3",
            "parentcaller": "0x00000000",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1132"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00007010"
              },
              {
                "name": "optval",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4827
          },
          {
            "timestamp": "2026-04-27 21:06:37,728",
            "thread_id": "3892",
            "caller": "0x0864e067",
            "parentcaller": "0x0864dfda",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4828
          },
          {
            "timestamp": "2026-04-27 21:06:37,728",
            "thread_id": "3892",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0cc",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 4829
          },
          {
            "timestamp": "2026-04-27 21:06:37,728",
            "thread_id": "3892",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0df",
            "category": "misc",
            "api": "GetUserNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Name",
                "value": "cape"
              }
            ],
            "repeated": 0,
            "id": 4830
          },
          {
            "timestamp": "2026-04-27 21:06:37,728",
            "thread_id": "3892",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "72"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4831
          },
          {
            "timestamp": "2026-04-27 21:06:37,728",
            "thread_id": "3892",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3"
              },
              {
                "name": "Length",
                "value": "16"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 4832
          },
          {
            "timestamp": "2026-04-27 21:06:37,728",
            "thread_id": "3892",
            "caller": "0x077f2dec",
            "parentcaller": "0x0864ed7a",
            "category": "network",
            "api": "WSASend",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Socket",
                "value": "1132"
              },
              {
                "name": "Buffer",
                "value": "@\\x00\\x00\\x00m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c"
              }
            ],
            "repeated": 0,
            "id": 4833
          },
          {
            "timestamp": "2026-04-27 21:06:37,728",
            "thread_id": "3892",
            "caller": "0x077f2ee0",
            "parentcaller": "0x0864edcf",
            "category": "network",
            "api": "WSARecv",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1132"
              }
            ],
            "repeated": 0,
            "id": 4834
          },
          {
            "timestamp": "2026-04-27 21:06:37,744",
            "thread_id": "1796",
            "caller": "0x0290a7be",
            "parentcaller": "0x0864f1bd",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1132"
              }
            ],
            "repeated": 0,
            "id": 4835
          },
          {
            "timestamp": "2026-04-27 21:06:37,744",
            "thread_id": "1796",
            "caller": "0x0290bbbb",
            "parentcaller": "0x051ed61d",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00030190"
              },
              {
                "name": "Message",
                "value": "0x0000c1b0"
              }
            ],
            "repeated": 0,
            "id": 4836
          },
          {
            "timestamp": "2026-04-27 21:06:37,744",
            "thread_id": "1796",
            "caller": "0x0290b109",
            "parentcaller": "0x051ed61d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003c4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\x8d\\x00\\xf8\\x19\\x00\\x00,\\x1a\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6700"
              }
            ],
            "repeated": 0,
            "id": 4837
          },
          {
            "timestamp": "2026-04-27 21:06:37,744",
            "thread_id": "2068",
            "caller": "0x0864f6d8",
            "parentcaller": "0x0864f6ae",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 4838
          },
          {
            "timestamp": "2026-04-27 21:06:37,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4839
          },
          {
            "timestamp": "2026-04-27 21:06:37,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4840
          },
          {
            "timestamp": "2026-04-27 21:06:37,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4841
          },
          {
            "timestamp": "2026-04-27 21:06:37,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4842
          },
          {
            "timestamp": "2026-04-27 21:06:37,775",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4843
          },
          {
            "timestamp": "2026-04-27 21:06:37,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4844
          },
          {
            "timestamp": "2026-04-27 21:06:37,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4845
          },
          {
            "timestamp": "2026-04-27 21:06:37,838",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4846
          },
          {
            "timestamp": "2026-04-27 21:06:37,869",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4847
          },
          {
            "timestamp": "2026-04-27 21:06:37,869",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4848
          },
          {
            "timestamp": "2026-04-27 21:06:37,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4849
          },
          {
            "timestamp": "2026-04-27 21:06:37,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4850
          },
          {
            "timestamp": "2026-04-27 21:06:37,900",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4851
          },
          {
            "timestamp": "2026-04-27 21:06:37,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4852
          },
          {
            "timestamp": "2026-04-27 21:06:37,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4853
          },
          {
            "timestamp": "2026-04-27 21:06:37,963",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4854
          },
          {
            "timestamp": "2026-04-27 21:06:38,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4855
          },
          {
            "timestamp": "2026-04-27 21:06:38,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4856
          },
          {
            "timestamp": "2026-04-27 21:06:38,025",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4857
          },
          {
            "timestamp": "2026-04-27 21:06:38,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4858
          },
          {
            "timestamp": "2026-04-27 21:06:38,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4859
          },
          {
            "timestamp": "2026-04-27 21:06:38,088",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4860
          },
          {
            "timestamp": "2026-04-27 21:06:38,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4861
          },
          {
            "timestamp": "2026-04-27 21:06:38,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4862
          },
          {
            "timestamp": "2026-04-27 21:06:38,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4863
          },
          {
            "timestamp": "2026-04-27 21:06:38,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4864
          },
          {
            "timestamp": "2026-04-27 21:06:38,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4865
          },
          {
            "timestamp": "2026-04-27 21:06:38,213",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4866
          },
          {
            "timestamp": "2026-04-27 21:06:38,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4867
          },
          {
            "timestamp": "2026-04-27 21:06:38,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4868
          },
          {
            "timestamp": "2026-04-27 21:06:38,275",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4869
          },
          {
            "timestamp": "2026-04-27 21:06:38,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4870
          },
          {
            "timestamp": "2026-04-27 21:06:38,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4871
          },
          {
            "timestamp": "2026-04-27 21:06:38,338",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4872
          },
          {
            "timestamp": "2026-04-27 21:06:38,385",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4873
          },
          {
            "timestamp": "2026-04-27 21:06:38,385",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4874
          },
          {
            "timestamp": "2026-04-27 21:06:38,400",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4875
          },
          {
            "timestamp": "2026-04-27 21:06:38,400",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4876
          },
          {
            "timestamp": "2026-04-27 21:06:38,400",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4877
          },
          {
            "timestamp": "2026-04-27 21:06:38,478",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4878
          },
          {
            "timestamp": "2026-04-27 21:06:38,478",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4879
          },
          {
            "timestamp": "2026-04-27 21:06:38,478",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4880
          },
          {
            "timestamp": "2026-04-27 21:06:38,541",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4881
          },
          {
            "timestamp": "2026-04-27 21:06:38,541",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4882
          },
          {
            "timestamp": "2026-04-27 21:06:38,541",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "31"
              }
            ],
            "repeated": 0,
            "id": 4883
          },
          {
            "timestamp": "2026-04-27 21:06:38,588",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 4884
          },
          {
            "timestamp": "2026-04-27 21:06:38,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4885
          },
          {
            "timestamp": "2026-04-27 21:06:38,588",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 4886
          },
          {
            "timestamp": "2026-04-27 21:06:38,603",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4887
          },
          {
            "timestamp": "2026-04-27 21:06:38,603",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4888
          },
          {
            "timestamp": "2026-04-27 21:06:38,603",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4889
          },
          {
            "timestamp": "2026-04-27 21:06:38,666",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4890
          },
          {
            "timestamp": "2026-04-27 21:06:38,666",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4891
          },
          {
            "timestamp": "2026-04-27 21:06:38,666",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 4892
          },
          {
            "timestamp": "2026-04-27 21:06:38,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4893
          },
          {
            "timestamp": "2026-04-27 21:06:38,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4894
          },
          {
            "timestamp": "2026-04-27 21:06:38,791",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4895
          },
          {
            "timestamp": "2026-04-27 21:06:38,791",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4896
          },
          {
            "timestamp": "2026-04-27 21:06:38,791",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4897
          },
          {
            "timestamp": "2026-04-27 21:06:38,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4898
          },
          {
            "timestamp": "2026-04-27 21:06:38,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4899
          },
          {
            "timestamp": "2026-04-27 21:06:38,853",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4900
          },
          {
            "timestamp": "2026-04-27 21:06:38,900",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4901
          },
          {
            "timestamp": "2026-04-27 21:06:38,900",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4902
          },
          {
            "timestamp": "2026-04-27 21:06:38,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4903
          },
          {
            "timestamp": "2026-04-27 21:06:38,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4904
          },
          {
            "timestamp": "2026-04-27 21:06:38,916",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4905
          },
          {
            "timestamp": "2026-04-27 21:06:38,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4906
          },
          {
            "timestamp": "2026-04-27 21:06:38,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4907
          },
          {
            "timestamp": "2026-04-27 21:06:38,978",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4908
          },
          {
            "timestamp": "2026-04-27 21:06:39,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4909
          },
          {
            "timestamp": "2026-04-27 21:06:39,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4910
          },
          {
            "timestamp": "2026-04-27 21:06:39,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4911
          },
          {
            "timestamp": "2026-04-27 21:06:39,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4912
          },
          {
            "timestamp": "2026-04-27 21:06:39,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4913
          },
          {
            "timestamp": "2026-04-27 21:06:39,103",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4914
          },
          {
            "timestamp": "2026-04-27 21:06:39,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4915
          },
          {
            "timestamp": "2026-04-27 21:06:39,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4916
          },
          {
            "timestamp": "2026-04-27 21:06:39,166",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4917
          },
          {
            "timestamp": "2026-04-27 21:06:39,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4918
          },
          {
            "timestamp": "2026-04-27 21:06:39,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4919
          },
          {
            "timestamp": "2026-04-27 21:06:39,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 4920
          },
          {
            "timestamp": "2026-04-27 21:06:39,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4921
          },
          {
            "timestamp": "2026-04-27 21:06:39,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4922
          },
          {
            "timestamp": "2026-04-27 21:06:39,416",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4923
          },
          {
            "timestamp": "2026-04-27 21:06:39,416",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4924
          },
          {
            "timestamp": "2026-04-27 21:06:39,416",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4925
          },
          {
            "timestamp": "2026-04-27 21:06:39,416",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4926
          },
          {
            "timestamp": "2026-04-27 21:06:39,416",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4927
          },
          {
            "timestamp": "2026-04-27 21:06:39,478",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4928
          },
          {
            "timestamp": "2026-04-27 21:06:39,478",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4929
          },
          {
            "timestamp": "2026-04-27 21:06:39,478",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4930
          },
          {
            "timestamp": "2026-04-27 21:06:39,541",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4931
          },
          {
            "timestamp": "2026-04-27 21:06:39,541",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4932
          },
          {
            "timestamp": "2026-04-27 21:06:39,541",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "47"
              }
            ],
            "repeated": 0,
            "id": 4933
          },
          {
            "timestamp": "2026-04-27 21:06:39,603",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 4934
          },
          {
            "timestamp": "2026-04-27 21:06:39,603",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4935
          },
          {
            "timestamp": "2026-04-27 21:06:39,603",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4936
          },
          {
            "timestamp": "2026-04-27 21:06:39,603",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4937
          },
          {
            "timestamp": "2026-04-27 21:06:39,603",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4938
          },
          {
            "timestamp": "2026-04-27 21:06:39,666",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4939
          },
          {
            "timestamp": "2026-04-27 21:06:39,666",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4940
          },
          {
            "timestamp": "2026-04-27 21:06:39,666",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4941
          },
          {
            "timestamp": "2026-04-27 21:06:39,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4942
          },
          {
            "timestamp": "2026-04-27 21:06:39,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4943
          },
          {
            "timestamp": "2026-04-27 21:06:39,744",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4944
          },
          {
            "timestamp": "2026-04-27 21:06:39,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4945
          },
          {
            "timestamp": "2026-04-27 21:06:39,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4946
          },
          {
            "timestamp": "2026-04-27 21:06:39,807",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 4947
          },
          {
            "timestamp": "2026-04-27 21:06:39,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4948
          },
          {
            "timestamp": "2026-04-27 21:06:39,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4949
          },
          {
            "timestamp": "2026-04-27 21:06:39,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4950
          },
          {
            "timestamp": "2026-04-27 21:06:39,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4951
          },
          {
            "timestamp": "2026-04-27 21:06:39,963",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4952
          },
          {
            "timestamp": "2026-04-27 21:06:39,963",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4953
          },
          {
            "timestamp": "2026-04-27 21:06:39,963",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4954
          },
          {
            "timestamp": "2026-04-27 21:06:40,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4955
          },
          {
            "timestamp": "2026-04-27 21:06:40,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4956
          },
          {
            "timestamp": "2026-04-27 21:06:40,025",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4957
          },
          {
            "timestamp": "2026-04-27 21:06:40,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4958
          },
          {
            "timestamp": "2026-04-27 21:06:40,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4959
          },
          {
            "timestamp": "2026-04-27 21:06:40,088",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4960
          },
          {
            "timestamp": "2026-04-27 21:06:40,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4961
          },
          {
            "timestamp": "2026-04-27 21:06:40,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4962
          },
          {
            "timestamp": "2026-04-27 21:06:40,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 4963
          },
          {
            "timestamp": "2026-04-27 21:06:40,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4964
          },
          {
            "timestamp": "2026-04-27 21:06:40,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4965
          },
          {
            "timestamp": "2026-04-27 21:06:40,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4966
          },
          {
            "timestamp": "2026-04-27 21:06:40,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4967
          },
          {
            "timestamp": "2026-04-27 21:06:40,275",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4968
          },
          {
            "timestamp": "2026-04-27 21:06:40,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4969
          },
          {
            "timestamp": "2026-04-27 21:06:40,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4970
          },
          {
            "timestamp": "2026-04-27 21:06:40,338",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 4971
          },
          {
            "timestamp": "2026-04-27 21:06:40,400",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4972
          },
          {
            "timestamp": "2026-04-27 21:06:40,400",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4973
          },
          {
            "timestamp": "2026-04-27 21:06:40,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4974
          },
          {
            "timestamp": "2026-04-27 21:06:40,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4975
          },
          {
            "timestamp": "2026-04-27 21:06:40,463",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4976
          },
          {
            "timestamp": "2026-04-27 21:06:40,478",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 4977
          },
          {
            "timestamp": "2026-04-27 21:06:40,478",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 4978
          },
          {
            "timestamp": "2026-04-27 21:06:40,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4979
          },
          {
            "timestamp": "2026-04-27 21:06:40,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4980
          },
          {
            "timestamp": "2026-04-27 21:06:40,525",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4981
          },
          {
            "timestamp": "2026-04-27 21:06:40,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4982
          },
          {
            "timestamp": "2026-04-27 21:06:40,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4983
          },
          {
            "timestamp": "2026-04-27 21:06:40,588",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 4984
          },
          {
            "timestamp": "2026-04-27 21:06:40,619",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "19"
              }
            ],
            "repeated": 0,
            "id": 4985
          },
          {
            "timestamp": "2026-04-27 21:06:40,619",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 4986
          },
          {
            "timestamp": "2026-04-27 21:06:40,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4987
          },
          {
            "timestamp": "2026-04-27 21:06:40,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4988
          },
          {
            "timestamp": "2026-04-27 21:06:40,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4989
          },
          {
            "timestamp": "2026-04-27 21:06:40,650",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4990
          },
          {
            "timestamp": "2026-04-27 21:06:40,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4991
          },
          {
            "timestamp": "2026-04-27 21:06:40,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4992
          },
          {
            "timestamp": "2026-04-27 21:06:40,713",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 4993
          },
          {
            "timestamp": "2026-04-27 21:06:40,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4994
          },
          {
            "timestamp": "2026-04-27 21:06:40,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4995
          },
          {
            "timestamp": "2026-04-27 21:06:40,869",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 4996
          },
          {
            "timestamp": "2026-04-27 21:06:40,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4997
          },
          {
            "timestamp": "2026-04-27 21:06:40,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 4998
          },
          {
            "timestamp": "2026-04-27 21:06:40,932",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4999
          },
          {
            "timestamp": "2026-04-27 21:06:40,932",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5000
          },
          {
            "timestamp": "2026-04-27 21:06:40,932",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5001
          },
          {
            "timestamp": "2026-04-27 21:06:40,994",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5002
          },
          {
            "timestamp": "2026-04-27 21:06:40,994",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5003
          },
          {
            "timestamp": "2026-04-27 21:06:40,994",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5004
          },
          {
            "timestamp": "2026-04-27 21:06:40,994",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5005
          },
          {
            "timestamp": "2026-04-27 21:06:40,994",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5006
          },
          {
            "timestamp": "2026-04-27 21:06:41,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5007
          },
          {
            "timestamp": "2026-04-27 21:06:41,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5008
          },
          {
            "timestamp": "2026-04-27 21:06:41,057",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5009
          },
          {
            "timestamp": "2026-04-27 21:06:41,119",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5010
          },
          {
            "timestamp": "2026-04-27 21:06:41,119",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5011
          },
          {
            "timestamp": "2026-04-27 21:06:41,119",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5012
          },
          {
            "timestamp": "2026-04-27 21:06:41,182",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5013
          },
          {
            "timestamp": "2026-04-27 21:06:41,182",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5014
          },
          {
            "timestamp": "2026-04-27 21:06:41,182",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5015
          },
          {
            "timestamp": "2026-04-27 21:06:41,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5016
          },
          {
            "timestamp": "2026-04-27 21:06:41,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5017
          },
          {
            "timestamp": "2026-04-27 21:06:41,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5018
          },
          {
            "timestamp": "2026-04-27 21:06:41,307",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5019
          },
          {
            "timestamp": "2026-04-27 21:06:41,307",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5020
          },
          {
            "timestamp": "2026-04-27 21:06:41,307",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5021
          },
          {
            "timestamp": "2026-04-27 21:06:41,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5022
          },
          {
            "timestamp": "2026-04-27 21:06:41,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5023
          },
          {
            "timestamp": "2026-04-27 21:06:41,369",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 5024
          },
          {
            "timestamp": "2026-04-27 21:06:41,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5025
          },
          {
            "timestamp": "2026-04-27 21:06:41,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5026
          },
          {
            "timestamp": "2026-04-27 21:06:41,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5027
          },
          {
            "timestamp": "2026-04-27 21:06:41,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5028
          },
          {
            "timestamp": "2026-04-27 21:06:41,510",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5029
          },
          {
            "timestamp": "2026-04-27 21:06:41,510",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5030
          },
          {
            "timestamp": "2026-04-27 21:06:41,510",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5031
          },
          {
            "timestamp": "2026-04-27 21:06:41,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5032
          },
          {
            "timestamp": "2026-04-27 21:06:41,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5033
          },
          {
            "timestamp": "2026-04-27 21:06:41,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "47"
              }
            ],
            "repeated": 0,
            "id": 5034
          },
          {
            "timestamp": "2026-04-27 21:06:41,635",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5035
          },
          {
            "timestamp": "2026-04-27 21:06:41,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5036
          },
          {
            "timestamp": "2026-04-27 21:06:41,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5037
          },
          {
            "timestamp": "2026-04-27 21:06:41,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5038
          },
          {
            "timestamp": "2026-04-27 21:06:41,635",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5039
          },
          {
            "timestamp": "2026-04-27 21:06:41,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5040
          },
          {
            "timestamp": "2026-04-27 21:06:41,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5041
          },
          {
            "timestamp": "2026-04-27 21:06:41,728",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5042
          },
          {
            "timestamp": "2026-04-27 21:06:41,760",
            "thread_id": "2068",
            "caller": "0x0864bfc4",
            "parentcaller": "0x0864beb7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06fed000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5043
          },
          {
            "timestamp": "2026-04-27 21:06:41,760",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5044
          },
          {
            "timestamp": "2026-04-27 21:06:41,760",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5045
          },
          {
            "timestamp": "2026-04-27 21:06:41,822",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5046
          },
          {
            "timestamp": "2026-04-27 21:06:41,822",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5047
          },
          {
            "timestamp": "2026-04-27 21:06:41,822",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5048
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "6988",
            "caller": "0x710a0830",
            "parentcaller": "0x71093611",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1628"
              }
            ],
            "repeated": 0,
            "id": 5049
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "7312",
            "caller": "0x077f18e0",
            "parentcaller": "0x0864c324",
            "category": "network",
            "api": "DnsQuery_A",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "nnzn.sa.com"
              },
              {
                "name": "Type",
                "value": "1"
              },
              {
                "name": "Options",
                "value": "0x00000048"
              }
            ],
            "repeated": 0,
            "id": 5050
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "7312",
            "caller": "0x077f1998",
            "parentcaller": "0x0864d998",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000650",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1616"
              }
            ],
            "repeated": 0,
            "id": 5051
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "7312",
            "caller": "0x077f0a53",
            "parentcaller": "0x0864c650",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1616"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5052
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "7312",
            "caller": "0x077f2a15",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1616"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5053
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "2068",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 5054
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "7312",
            "caller": "0x0864da34",
            "parentcaller": "0x0864c650",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000650"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xcc\\x04\\x00\\x00\\x9a\\xda\\xa9s"
              }
            ],
            "repeated": 0,
            "id": 5055
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "7312",
            "caller": "0x0292acfb",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1616"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "104.21.33.27"
              },
              {
                "name": "port",
                "value": "443"
              }
            ],
            "repeated": 0,
            "id": 5056
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5057
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5058
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "1796",
            "caller": "0x077f2bf3",
            "parentcaller": "0x00000000",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1616"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00007010"
              },
              {
                "name": "optval",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5059
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "1796",
            "caller": "0x0864e067",
            "parentcaller": "0x0864dfda",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5060
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0cc",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 5061
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0df",
            "category": "misc",
            "api": "GetUserNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Name",
                "value": "cape"
              }
            ],
            "repeated": 0,
            "id": 5062
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "72"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5063
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3"
              },
              {
                "name": "Length",
                "value": "16"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5064
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "1796",
            "caller": "0x077f2dec",
            "parentcaller": "0x0864ed7a",
            "category": "network",
            "api": "WSASend",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Socket",
                "value": "1616"
              },
              {
                "name": "Buffer",
                "value": "@\\x00\\x00\\x00m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c"
              }
            ],
            "repeated": 0,
            "id": 5065
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "1796",
            "caller": "0x077f2ee0",
            "parentcaller": "0x0864edcf",
            "category": "network",
            "api": "WSARecv",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1616"
              }
            ],
            "repeated": 0,
            "id": 5066
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "3892",
            "caller": "0x0290a7be",
            "parentcaller": "0x0864f1bd",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1616"
              }
            ],
            "repeated": 0,
            "id": 5067
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "3892",
            "caller": "0x0290bbbb",
            "parentcaller": "0x051ed61d",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00030190"
              },
              {
                "name": "Message",
                "value": "0x0000c1b0"
              }
            ],
            "repeated": 0,
            "id": 5068
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "3892",
            "caller": "0x0290b109",
            "parentcaller": "0x051ed61d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003c4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\x8d\\x00\\xf8\\x19\\x00\\x00,\\x1a\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6700"
              }
            ],
            "repeated": 0,
            "id": 5069
          },
          {
            "timestamp": "2026-04-27 21:06:41,853",
            "thread_id": "7312",
            "caller": "0x0864f6d8",
            "parentcaller": "0x0864f6ae",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 5070
          },
          {
            "timestamp": "2026-04-27 21:06:41,885",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5071
          },
          {
            "timestamp": "2026-04-27 21:06:41,885",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5072
          },
          {
            "timestamp": "2026-04-27 21:06:41,885",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5073
          },
          {
            "timestamp": "2026-04-27 21:06:41,885",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5074
          },
          {
            "timestamp": "2026-04-27 21:06:41,885",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5075
          },
          {
            "timestamp": "2026-04-27 21:06:41,947",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5076
          },
          {
            "timestamp": "2026-04-27 21:06:41,947",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5077
          },
          {
            "timestamp": "2026-04-27 21:06:41,947",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5078
          },
          {
            "timestamp": "2026-04-27 21:06:42,010",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5079
          },
          {
            "timestamp": "2026-04-27 21:06:42,010",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5080
          },
          {
            "timestamp": "2026-04-27 21:06:42,010",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5081
          },
          {
            "timestamp": "2026-04-27 21:06:42,025",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5082
          },
          {
            "timestamp": "2026-04-27 21:06:42,025",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5083
          },
          {
            "timestamp": "2026-04-27 21:06:42,072",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5084
          },
          {
            "timestamp": "2026-04-27 21:06:42,072",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5085
          },
          {
            "timestamp": "2026-04-27 21:06:42,072",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5086
          },
          {
            "timestamp": "2026-04-27 21:06:42,135",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5087
          },
          {
            "timestamp": "2026-04-27 21:06:42,135",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5088
          },
          {
            "timestamp": "2026-04-27 21:06:42,135",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5089
          },
          {
            "timestamp": "2026-04-27 21:06:42,197",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5090
          },
          {
            "timestamp": "2026-04-27 21:06:42,197",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5091
          },
          {
            "timestamp": "2026-04-27 21:06:42,197",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5092
          },
          {
            "timestamp": "2026-04-27 21:06:42,260",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5093
          },
          {
            "timestamp": "2026-04-27 21:06:42,260",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5094
          },
          {
            "timestamp": "2026-04-27 21:06:42,260",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5095
          },
          {
            "timestamp": "2026-04-27 21:06:42,322",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5096
          },
          {
            "timestamp": "2026-04-27 21:06:42,322",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5097
          },
          {
            "timestamp": "2026-04-27 21:06:42,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5098
          },
          {
            "timestamp": "2026-04-27 21:06:42,385",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5099
          },
          {
            "timestamp": "2026-04-27 21:06:42,385",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5100
          },
          {
            "timestamp": "2026-04-27 21:06:42,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5101
          },
          {
            "timestamp": "2026-04-27 21:06:42,447",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5102
          },
          {
            "timestamp": "2026-04-27 21:06:42,447",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5103
          },
          {
            "timestamp": "2026-04-27 21:06:42,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5104
          },
          {
            "timestamp": "2026-04-27 21:06:42,510",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5105
          },
          {
            "timestamp": "2026-04-27 21:06:42,510",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5106
          },
          {
            "timestamp": "2026-04-27 21:06:42,510",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5107
          },
          {
            "timestamp": "2026-04-27 21:06:42,525",
            "thread_id": "6580",
            "caller": "0x051e6c3e",
            "parentcaller": "0x051e6c67",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 5108
          },
          {
            "timestamp": "2026-04-27 21:06:42,541",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5109
          },
          {
            "timestamp": "2026-04-27 21:06:42,541",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5110
          },
          {
            "timestamp": "2026-04-27 21:06:42,572",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5111
          },
          {
            "timestamp": "2026-04-27 21:06:42,572",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5112
          },
          {
            "timestamp": "2026-04-27 21:06:42,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5113
          },
          {
            "timestamp": "2026-04-27 21:06:42,635",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5114
          },
          {
            "timestamp": "2026-04-27 21:06:42,635",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5115
          },
          {
            "timestamp": "2026-04-27 21:06:42,635",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5116
          },
          {
            "timestamp": "2026-04-27 21:06:42,635",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5117
          },
          {
            "timestamp": "2026-04-27 21:06:42,635",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5118
          },
          {
            "timestamp": "2026-04-27 21:06:42,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5119
          },
          {
            "timestamp": "2026-04-27 21:06:42,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5120
          },
          {
            "timestamp": "2026-04-27 21:06:42,728",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5121
          },
          {
            "timestamp": "2026-04-27 21:06:42,807",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5122
          },
          {
            "timestamp": "2026-04-27 21:06:42,807",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5123
          },
          {
            "timestamp": "2026-04-27 21:06:42,807",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5124
          },
          {
            "timestamp": "2026-04-27 21:06:42,900",
            "thread_id": "2068",
            "caller": "0x051eb1f3",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05782000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5125
          },
          {
            "timestamp": "2026-04-27 21:06:42,900",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5126
          },
          {
            "timestamp": "2026-04-27 21:06:42,900",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5127
          },
          {
            "timestamp": "2026-04-27 21:06:42,900",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5128
          },
          {
            "timestamp": "2026-04-27 21:06:42,994",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5129
          },
          {
            "timestamp": "2026-04-27 21:06:42,994",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5130
          },
          {
            "timestamp": "2026-04-27 21:06:42,994",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5131
          },
          {
            "timestamp": "2026-04-27 21:06:43,072",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5132
          },
          {
            "timestamp": "2026-04-27 21:06:43,072",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5133
          },
          {
            "timestamp": "2026-04-27 21:06:43,072",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5134
          },
          {
            "timestamp": "2026-04-27 21:06:43,072",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5135
          },
          {
            "timestamp": "2026-04-27 21:06:43,072",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5136
          },
          {
            "timestamp": "2026-04-27 21:06:43,135",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5137
          },
          {
            "timestamp": "2026-04-27 21:06:43,135",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5138
          },
          {
            "timestamp": "2026-04-27 21:06:43,135",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5139
          },
          {
            "timestamp": "2026-04-27 21:06:43,197",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5140
          },
          {
            "timestamp": "2026-04-27 21:06:43,197",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5141
          },
          {
            "timestamp": "2026-04-27 21:06:43,197",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5142
          },
          {
            "timestamp": "2026-04-27 21:06:43,260",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5143
          },
          {
            "timestamp": "2026-04-27 21:06:43,260",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5144
          },
          {
            "timestamp": "2026-04-27 21:06:43,260",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5145
          },
          {
            "timestamp": "2026-04-27 21:06:43,322",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5146
          },
          {
            "timestamp": "2026-04-27 21:06:43,322",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5147
          },
          {
            "timestamp": "2026-04-27 21:06:43,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5148
          },
          {
            "timestamp": "2026-04-27 21:06:43,385",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5149
          },
          {
            "timestamp": "2026-04-27 21:06:43,385",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5150
          },
          {
            "timestamp": "2026-04-27 21:06:43,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5151
          },
          {
            "timestamp": "2026-04-27 21:06:43,447",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5152
          },
          {
            "timestamp": "2026-04-27 21:06:43,447",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5153
          },
          {
            "timestamp": "2026-04-27 21:06:43,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5154
          },
          {
            "timestamp": "2026-04-27 21:06:43,510",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5155
          },
          {
            "timestamp": "2026-04-27 21:06:43,510",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5156
          },
          {
            "timestamp": "2026-04-27 21:06:43,510",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5157
          },
          {
            "timestamp": "2026-04-27 21:06:43,572",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5158
          },
          {
            "timestamp": "2026-04-27 21:06:43,572",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5159
          },
          {
            "timestamp": "2026-04-27 21:06:43,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5160
          },
          {
            "timestamp": "2026-04-27 21:06:43,650",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5161
          },
          {
            "timestamp": "2026-04-27 21:06:43,650",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5162
          },
          {
            "timestamp": "2026-04-27 21:06:43,650",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5163
          },
          {
            "timestamp": "2026-04-27 21:06:43,650",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5164
          },
          {
            "timestamp": "2026-04-27 21:06:43,650",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5165
          },
          {
            "timestamp": "2026-04-27 21:06:43,650",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5166
          },
          {
            "timestamp": "2026-04-27 21:06:43,650",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5167
          },
          {
            "timestamp": "2026-04-27 21:06:43,713",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5168
          },
          {
            "timestamp": "2026-04-27 21:06:43,713",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5169
          },
          {
            "timestamp": "2026-04-27 21:06:43,713",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5170
          },
          {
            "timestamp": "2026-04-27 21:06:43,775",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5171
          },
          {
            "timestamp": "2026-04-27 21:06:43,775",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5172
          },
          {
            "timestamp": "2026-04-27 21:06:43,775",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5173
          },
          {
            "timestamp": "2026-04-27 21:06:43,838",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5174
          },
          {
            "timestamp": "2026-04-27 21:06:43,838",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5175
          },
          {
            "timestamp": "2026-04-27 21:06:43,838",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5176
          },
          {
            "timestamp": "2026-04-27 21:06:43,916",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5177
          },
          {
            "timestamp": "2026-04-27 21:06:43,916",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5178
          },
          {
            "timestamp": "2026-04-27 21:06:43,916",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5179
          },
          {
            "timestamp": "2026-04-27 21:06:43,994",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5180
          },
          {
            "timestamp": "2026-04-27 21:06:43,994",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5181
          },
          {
            "timestamp": "2026-04-27 21:06:43,994",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5182
          },
          {
            "timestamp": "2026-04-27 21:06:44,057",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5183
          },
          {
            "timestamp": "2026-04-27 21:06:44,057",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5184
          },
          {
            "timestamp": "2026-04-27 21:06:44,057",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5185
          },
          {
            "timestamp": "2026-04-27 21:06:44,119",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5186
          },
          {
            "timestamp": "2026-04-27 21:06:44,119",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5187
          },
          {
            "timestamp": "2026-04-27 21:06:44,119",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5188
          },
          {
            "timestamp": "2026-04-27 21:06:44,182",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5189
          },
          {
            "timestamp": "2026-04-27 21:06:44,182",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5190
          },
          {
            "timestamp": "2026-04-27 21:06:44,182",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5191
          },
          {
            "timestamp": "2026-04-27 21:06:44,182",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5192
          },
          {
            "timestamp": "2026-04-27 21:06:44,182",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5193
          },
          {
            "timestamp": "2026-04-27 21:06:44,260",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5194
          },
          {
            "timestamp": "2026-04-27 21:06:44,260",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5195
          },
          {
            "timestamp": "2026-04-27 21:06:44,260",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 5196
          },
          {
            "timestamp": "2026-04-27 21:06:44,322",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5197
          },
          {
            "timestamp": "2026-04-27 21:06:44,322",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5198
          },
          {
            "timestamp": "2026-04-27 21:06:44,400",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5199
          },
          {
            "timestamp": "2026-04-27 21:06:44,400",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5200
          },
          {
            "timestamp": "2026-04-27 21:06:44,400",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5201
          },
          {
            "timestamp": "2026-04-27 21:06:44,494",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5202
          },
          {
            "timestamp": "2026-04-27 21:06:44,494",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5203
          },
          {
            "timestamp": "2026-04-27 21:06:44,494",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 5204
          },
          {
            "timestamp": "2026-04-27 21:06:44,557",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5205
          },
          {
            "timestamp": "2026-04-27 21:06:44,557",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5206
          },
          {
            "timestamp": "2026-04-27 21:06:44,666",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5207
          },
          {
            "timestamp": "2026-04-27 21:06:44,666",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5208
          },
          {
            "timestamp": "2026-04-27 21:06:44,666",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5209
          },
          {
            "timestamp": "2026-04-27 21:06:44,666",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5210
          },
          {
            "timestamp": "2026-04-27 21:06:44,744",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5211
          },
          {
            "timestamp": "2026-04-27 21:06:44,744",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5212
          },
          {
            "timestamp": "2026-04-27 21:06:44,744",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5213
          },
          {
            "timestamp": "2026-04-27 21:06:44,744",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5214
          },
          {
            "timestamp": "2026-04-27 21:06:44,744",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5215
          },
          {
            "timestamp": "2026-04-27 21:06:44,822",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5216
          },
          {
            "timestamp": "2026-04-27 21:06:44,822",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5217
          },
          {
            "timestamp": "2026-04-27 21:06:44,822",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5218
          },
          {
            "timestamp": "2026-04-27 21:06:44,885",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5219
          },
          {
            "timestamp": "2026-04-27 21:06:44,885",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5220
          },
          {
            "timestamp": "2026-04-27 21:06:44,885",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5221
          },
          {
            "timestamp": "2026-04-27 21:06:44,947",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5222
          },
          {
            "timestamp": "2026-04-27 21:06:44,947",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5223
          },
          {
            "timestamp": "2026-04-27 21:06:44,947",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5224
          },
          {
            "timestamp": "2026-04-27 21:06:45,010",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5225
          },
          {
            "timestamp": "2026-04-27 21:06:45,010",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5226
          },
          {
            "timestamp": "2026-04-27 21:06:45,010",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5227
          },
          {
            "timestamp": "2026-04-27 21:06:45,072",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5228
          },
          {
            "timestamp": "2026-04-27 21:06:45,072",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5229
          },
          {
            "timestamp": "2026-04-27 21:06:45,072",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5230
          },
          {
            "timestamp": "2026-04-27 21:06:45,135",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5231
          },
          {
            "timestamp": "2026-04-27 21:06:45,135",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5232
          },
          {
            "timestamp": "2026-04-27 21:06:45,135",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5233
          },
          {
            "timestamp": "2026-04-27 21:06:45,197",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5234
          },
          {
            "timestamp": "2026-04-27 21:06:45,197",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5235
          },
          {
            "timestamp": "2026-04-27 21:06:45,197",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5236
          },
          {
            "timestamp": "2026-04-27 21:06:45,260",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5237
          },
          {
            "timestamp": "2026-04-27 21:06:45,260",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5238
          },
          {
            "timestamp": "2026-04-27 21:06:45,260",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5239
          },
          {
            "timestamp": "2026-04-27 21:06:45,260",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5240
          },
          {
            "timestamp": "2026-04-27 21:06:45,260",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5241
          },
          {
            "timestamp": "2026-04-27 21:06:45,322",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5242
          },
          {
            "timestamp": "2026-04-27 21:06:45,322",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5243
          },
          {
            "timestamp": "2026-04-27 21:06:45,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5244
          },
          {
            "timestamp": "2026-04-27 21:06:45,385",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5245
          },
          {
            "timestamp": "2026-04-27 21:06:45,385",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5246
          },
          {
            "timestamp": "2026-04-27 21:06:45,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5247
          },
          {
            "timestamp": "2026-04-27 21:06:45,447",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5248
          },
          {
            "timestamp": "2026-04-27 21:06:45,447",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5249
          },
          {
            "timestamp": "2026-04-27 21:06:45,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5250
          },
          {
            "timestamp": "2026-04-27 21:06:45,510",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5251
          },
          {
            "timestamp": "2026-04-27 21:06:45,510",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5252
          },
          {
            "timestamp": "2026-04-27 21:06:45,510",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5253
          },
          {
            "timestamp": "2026-04-27 21:06:45,572",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5254
          },
          {
            "timestamp": "2026-04-27 21:06:45,572",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5255
          },
          {
            "timestamp": "2026-04-27 21:06:45,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5256
          },
          {
            "timestamp": "2026-04-27 21:06:45,635",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5257
          },
          {
            "timestamp": "2026-04-27 21:06:45,635",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5258
          },
          {
            "timestamp": "2026-04-27 21:06:45,635",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "31"
              }
            ],
            "repeated": 0,
            "id": 5259
          },
          {
            "timestamp": "2026-04-27 21:06:45,682",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5260
          },
          {
            "timestamp": "2026-04-27 21:06:45,682",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5261
          },
          {
            "timestamp": "2026-04-27 21:06:45,682",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5262
          },
          {
            "timestamp": "2026-04-27 21:06:45,697",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5263
          },
          {
            "timestamp": "2026-04-27 21:06:45,697",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5264
          },
          {
            "timestamp": "2026-04-27 21:06:45,697",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5265
          },
          {
            "timestamp": "2026-04-27 21:06:45,775",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5266
          },
          {
            "timestamp": "2026-04-27 21:06:45,775",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5267
          },
          {
            "timestamp": "2026-04-27 21:06:45,775",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5268
          },
          {
            "timestamp": "2026-04-27 21:06:45,775",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5269
          },
          {
            "timestamp": "2026-04-27 21:06:45,775",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5270
          },
          {
            "timestamp": "2026-04-27 21:06:45,838",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5271
          },
          {
            "timestamp": "2026-04-27 21:06:45,838",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5272
          },
          {
            "timestamp": "2026-04-27 21:06:45,838",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5273
          },
          {
            "timestamp": "2026-04-27 21:06:45,885",
            "thread_id": "7312",
            "caller": "0x0864bfc4",
            "parentcaller": "0x0864beb7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0700d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5274
          },
          {
            "timestamp": "2026-04-27 21:06:45,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5275
          },
          {
            "timestamp": "2026-04-27 21:06:45,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5276
          },
          {
            "timestamp": "2026-04-27 21:06:45,900",
            "thread_id": "6988",
            "caller": "0x710a0830",
            "parentcaller": "0x71093611",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1632"
              }
            ],
            "repeated": 0,
            "id": 5277
          },
          {
            "timestamp": "2026-04-27 21:06:45,900",
            "thread_id": "2068",
            "caller": "0x077f18e0",
            "parentcaller": "0x0864c324",
            "category": "network",
            "api": "DnsQuery_A",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "nnzn.sa.com"
              },
              {
                "name": "Type",
                "value": "1"
              },
              {
                "name": "Options",
                "value": "0x00000048"
              }
            ],
            "repeated": 0,
            "id": 5278
          },
          {
            "timestamp": "2026-04-27 21:06:45,900",
            "thread_id": "2068",
            "caller": "0x077f1998",
            "parentcaller": "0x0864d998",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000660",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1632"
              }
            ],
            "repeated": 0,
            "id": 5279
          },
          {
            "timestamp": "2026-04-27 21:06:45,900",
            "thread_id": "2068",
            "caller": "0x077f0a53",
            "parentcaller": "0x0864c650",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1632"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5280
          },
          {
            "timestamp": "2026-04-27 21:06:45,900",
            "thread_id": "2068",
            "caller": "0x077f2a15",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1632"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5281
          },
          {
            "timestamp": "2026-04-27 21:06:45,900",
            "thread_id": "2068",
            "caller": "0x0864da34",
            "parentcaller": "0x0864c650",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000660"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xcc\\x04\\x00\\x00\\x9a\\xda\\xa9s"
              }
            ],
            "repeated": 0,
            "id": 5282
          },
          {
            "timestamp": "2026-04-27 21:06:45,900",
            "thread_id": "2068",
            "caller": "0x0292acfb",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1632"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "104.21.33.27"
              },
              {
                "name": "port",
                "value": "443"
              }
            ],
            "repeated": 0,
            "id": 5283
          },
          {
            "timestamp": "2026-04-27 21:06:45,900",
            "thread_id": "2068",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 5284
          },
          {
            "timestamp": "2026-04-27 21:06:45,900",
            "thread_id": "7312",
            "caller": "0x737e55cd",
            "parentcaller": "0x7380b77c",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5285
          },
          {
            "timestamp": "2026-04-27 21:06:45,900",
            "thread_id": "6988",
            "caller": "0x7726269a",
            "parentcaller": "0x7108b4f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 5286
          },
          {
            "timestamp": "2026-04-27 21:06:45,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5287
          },
          {
            "timestamp": "2026-04-27 21:06:45,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5288
          },
          {
            "timestamp": "2026-04-27 21:06:45,916",
            "thread_id": "3892",
            "caller": "0x077f2bf3",
            "parentcaller": "0x00000000",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1632"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00007010"
              },
              {
                "name": "optval",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5289
          },
          {
            "timestamp": "2026-04-27 21:06:45,916",
            "thread_id": "3892",
            "caller": "0x0864e067",
            "parentcaller": "0x0864dfda",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5290
          },
          {
            "timestamp": "2026-04-27 21:06:45,916",
            "thread_id": "3892",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0cc",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 5291
          },
          {
            "timestamp": "2026-04-27 21:06:45,916",
            "thread_id": "3892",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0df",
            "category": "misc",
            "api": "GetUserNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Name",
                "value": "cape"
              }
            ],
            "repeated": 0,
            "id": 5292
          },
          {
            "timestamp": "2026-04-27 21:06:45,916",
            "thread_id": "3892",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "72"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5293
          },
          {
            "timestamp": "2026-04-27 21:06:45,916",
            "thread_id": "3892",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3"
              },
              {
                "name": "Length",
                "value": "16"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5294
          },
          {
            "timestamp": "2026-04-27 21:06:45,916",
            "thread_id": "3892",
            "caller": "0x077f2dec",
            "parentcaller": "0x0864ed7a",
            "category": "network",
            "api": "WSASend",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Socket",
                "value": "1632"
              },
              {
                "name": "Buffer",
                "value": "@\\x00\\x00\\x00m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c"
              }
            ],
            "repeated": 0,
            "id": 5295
          },
          {
            "timestamp": "2026-04-27 21:06:45,916",
            "thread_id": "3892",
            "caller": "0x077f2ee0",
            "parentcaller": "0x0864edcf",
            "category": "network",
            "api": "WSARecv",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1632"
              }
            ],
            "repeated": 0,
            "id": 5296
          },
          {
            "timestamp": "2026-04-27 21:06:45,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5297
          },
          {
            "timestamp": "2026-04-27 21:06:45,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5298
          },
          {
            "timestamp": "2026-04-27 21:06:45,916",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5299
          },
          {
            "timestamp": "2026-04-27 21:06:45,916",
            "thread_id": "1796",
            "caller": "0x0290a7be",
            "parentcaller": "0x0864f1bd",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1632"
              }
            ],
            "repeated": 0,
            "id": 5300
          },
          {
            "timestamp": "2026-04-27 21:06:45,916",
            "thread_id": "1796",
            "caller": "0x0290bbbb",
            "parentcaller": "0x051ed61d",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00030190"
              },
              {
                "name": "Message",
                "value": "0x0000c1b0"
              }
            ],
            "repeated": 0,
            "id": 5301
          },
          {
            "timestamp": "2026-04-27 21:06:45,916",
            "thread_id": "1796",
            "caller": "0x0290b109",
            "parentcaller": "0x051ed61d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003c4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\x8d\\x00\\xf8\\x19\\x00\\x00,\\x1a\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6700"
              }
            ],
            "repeated": 0,
            "id": 5302
          },
          {
            "timestamp": "2026-04-27 21:06:45,916",
            "thread_id": "7312",
            "caller": "0x0864f6d8",
            "parentcaller": "0x0864f6ae",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 5303
          },
          {
            "timestamp": "2026-04-27 21:06:45,947",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5304
          },
          {
            "timestamp": "2026-04-27 21:06:45,947",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5305
          },
          {
            "timestamp": "2026-04-27 21:06:45,978",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5306
          },
          {
            "timestamp": "2026-04-27 21:06:45,978",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5307
          },
          {
            "timestamp": "2026-04-27 21:06:45,978",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5308
          },
          {
            "timestamp": "2026-04-27 21:06:46,041",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5309
          },
          {
            "timestamp": "2026-04-27 21:06:46,041",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5310
          },
          {
            "timestamp": "2026-04-27 21:06:46,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5311
          },
          {
            "timestamp": "2026-04-27 21:06:46,103",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5312
          },
          {
            "timestamp": "2026-04-27 21:06:46,103",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5313
          },
          {
            "timestamp": "2026-04-27 21:06:46,103",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5314
          },
          {
            "timestamp": "2026-04-27 21:06:46,166",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5315
          },
          {
            "timestamp": "2026-04-27 21:06:46,166",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5316
          },
          {
            "timestamp": "2026-04-27 21:06:46,166",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5317
          },
          {
            "timestamp": "2026-04-27 21:06:46,228",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5318
          },
          {
            "timestamp": "2026-04-27 21:06:46,228",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5319
          },
          {
            "timestamp": "2026-04-27 21:06:46,228",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5320
          },
          {
            "timestamp": "2026-04-27 21:06:46,307",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5321
          },
          {
            "timestamp": "2026-04-27 21:06:46,307",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5322
          },
          {
            "timestamp": "2026-04-27 21:06:46,307",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5323
          },
          {
            "timestamp": "2026-04-27 21:06:46,307",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5324
          },
          {
            "timestamp": "2026-04-27 21:06:46,307",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5325
          },
          {
            "timestamp": "2026-04-27 21:06:46,369",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5326
          },
          {
            "timestamp": "2026-04-27 21:06:46,369",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5327
          },
          {
            "timestamp": "2026-04-27 21:06:46,369",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5328
          },
          {
            "timestamp": "2026-04-27 21:06:46,432",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5329
          },
          {
            "timestamp": "2026-04-27 21:06:46,432",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5330
          },
          {
            "timestamp": "2026-04-27 21:06:46,432",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5331
          },
          {
            "timestamp": "2026-04-27 21:06:46,494",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5332
          },
          {
            "timestamp": "2026-04-27 21:06:46,494",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5333
          },
          {
            "timestamp": "2026-04-27 21:06:46,494",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5334
          },
          {
            "timestamp": "2026-04-27 21:06:46,557",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5335
          },
          {
            "timestamp": "2026-04-27 21:06:46,557",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5336
          },
          {
            "timestamp": "2026-04-27 21:06:46,557",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5337
          },
          {
            "timestamp": "2026-04-27 21:06:46,619",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5338
          },
          {
            "timestamp": "2026-04-27 21:06:46,619",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5339
          },
          {
            "timestamp": "2026-04-27 21:06:46,619",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5340
          },
          {
            "timestamp": "2026-04-27 21:06:46,682",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5341
          },
          {
            "timestamp": "2026-04-27 21:06:46,682",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5342
          },
          {
            "timestamp": "2026-04-27 21:06:46,682",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5343
          },
          {
            "timestamp": "2026-04-27 21:06:46,682",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5344
          },
          {
            "timestamp": "2026-04-27 21:06:46,682",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 5345
          },
          {
            "timestamp": "2026-04-27 21:06:46,744",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5346
          },
          {
            "timestamp": "2026-04-27 21:06:46,744",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5347
          },
          {
            "timestamp": "2026-04-27 21:06:46,822",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5348
          },
          {
            "timestamp": "2026-04-27 21:06:46,822",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5349
          },
          {
            "timestamp": "2026-04-27 21:06:46,822",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5350
          },
          {
            "timestamp": "2026-04-27 21:06:46,869",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5351
          },
          {
            "timestamp": "2026-04-27 21:06:46,869",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5352
          },
          {
            "timestamp": "2026-04-27 21:06:46,916",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5353
          },
          {
            "timestamp": "2026-04-27 21:06:46,916",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5354
          },
          {
            "timestamp": "2026-04-27 21:06:46,916",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 5355
          },
          {
            "timestamp": "2026-04-27 21:06:46,994",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5356
          },
          {
            "timestamp": "2026-04-27 21:06:46,994",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5357
          },
          {
            "timestamp": "2026-04-27 21:06:47,057",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5358
          },
          {
            "timestamp": "2026-04-27 21:06:47,057",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5359
          },
          {
            "timestamp": "2026-04-27 21:06:47,057",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5360
          },
          {
            "timestamp": "2026-04-27 21:06:47,150",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5361
          },
          {
            "timestamp": "2026-04-27 21:06:47,150",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5362
          },
          {
            "timestamp": "2026-04-27 21:06:47,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5363
          },
          {
            "timestamp": "2026-04-27 21:06:47,244",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5364
          },
          {
            "timestamp": "2026-04-27 21:06:47,244",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5365
          },
          {
            "timestamp": "2026-04-27 21:06:47,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5366
          },
          {
            "timestamp": "2026-04-27 21:06:47,322",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5367
          },
          {
            "timestamp": "2026-04-27 21:06:47,322",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5368
          },
          {
            "timestamp": "2026-04-27 21:06:47,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 5369
          },
          {
            "timestamp": "2026-04-27 21:06:47,400",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5370
          },
          {
            "timestamp": "2026-04-27 21:06:47,400",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5371
          },
          {
            "timestamp": "2026-04-27 21:06:47,447",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5372
          },
          {
            "timestamp": "2026-04-27 21:06:47,447",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5373
          },
          {
            "timestamp": "2026-04-27 21:06:47,478",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5374
          },
          {
            "timestamp": "2026-04-27 21:06:47,478",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5375
          },
          {
            "timestamp": "2026-04-27 21:06:47,478",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5376
          },
          {
            "timestamp": "2026-04-27 21:06:47,541",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5377
          },
          {
            "timestamp": "2026-04-27 21:06:47,541",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5378
          },
          {
            "timestamp": "2026-04-27 21:06:47,541",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5379
          },
          {
            "timestamp": "2026-04-27 21:06:47,603",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5380
          },
          {
            "timestamp": "2026-04-27 21:06:47,603",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5381
          },
          {
            "timestamp": "2026-04-27 21:06:47,603",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5382
          },
          {
            "timestamp": "2026-04-27 21:06:47,666",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5383
          },
          {
            "timestamp": "2026-04-27 21:06:47,666",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5384
          },
          {
            "timestamp": "2026-04-27 21:06:47,666",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "16"
              }
            ],
            "repeated": 0,
            "id": 5385
          },
          {
            "timestamp": "2026-04-27 21:06:47,697",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5386
          },
          {
            "timestamp": "2026-04-27 21:06:47,697",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5387
          },
          {
            "timestamp": "2026-04-27 21:06:47,697",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "19"
              }
            ],
            "repeated": 0,
            "id": 5388
          },
          {
            "timestamp": "2026-04-27 21:06:47,728",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5389
          },
          {
            "timestamp": "2026-04-27 21:06:47,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5390
          },
          {
            "timestamp": "2026-04-27 21:06:47,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5391
          },
          {
            "timestamp": "2026-04-27 21:06:47,807",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5392
          },
          {
            "timestamp": "2026-04-27 21:06:47,807",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5393
          },
          {
            "timestamp": "2026-04-27 21:06:47,807",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5394
          },
          {
            "timestamp": "2026-04-27 21:06:47,869",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5395
          },
          {
            "timestamp": "2026-04-27 21:06:47,869",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5396
          },
          {
            "timestamp": "2026-04-27 21:06:47,869",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5397
          },
          {
            "timestamp": "2026-04-27 21:06:47,932",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5398
          },
          {
            "timestamp": "2026-04-27 21:06:47,932",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5399
          },
          {
            "timestamp": "2026-04-27 21:06:47,932",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5400
          },
          {
            "timestamp": "2026-04-27 21:06:47,963",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5401
          },
          {
            "timestamp": "2026-04-27 21:06:47,963",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5402
          },
          {
            "timestamp": "2026-04-27 21:06:47,994",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5403
          },
          {
            "timestamp": "2026-04-27 21:06:47,994",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5404
          },
          {
            "timestamp": "2026-04-27 21:06:47,994",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5405
          },
          {
            "timestamp": "2026-04-27 21:06:48,057",
            "thread_id": "2068",
            "caller": "0x051eb1f3",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05792000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5406
          },
          {
            "timestamp": "2026-04-27 21:06:48,057",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5407
          },
          {
            "timestamp": "2026-04-27 21:06:48,057",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5408
          },
          {
            "timestamp": "2026-04-27 21:06:48,057",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5409
          },
          {
            "timestamp": "2026-04-27 21:06:48,119",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5410
          },
          {
            "timestamp": "2026-04-27 21:06:48,119",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5411
          },
          {
            "timestamp": "2026-04-27 21:06:48,119",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5412
          },
          {
            "timestamp": "2026-04-27 21:06:48,182",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5413
          },
          {
            "timestamp": "2026-04-27 21:06:48,182",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5414
          },
          {
            "timestamp": "2026-04-27 21:06:48,182",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5415
          },
          {
            "timestamp": "2026-04-27 21:06:48,244",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5416
          },
          {
            "timestamp": "2026-04-27 21:06:48,244",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5417
          },
          {
            "timestamp": "2026-04-27 21:06:48,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5418
          },
          {
            "timestamp": "2026-04-27 21:06:48,322",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5419
          },
          {
            "timestamp": "2026-04-27 21:06:48,322",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5420
          },
          {
            "timestamp": "2026-04-27 21:06:48,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5421
          },
          {
            "timestamp": "2026-04-27 21:06:48,385",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5422
          },
          {
            "timestamp": "2026-04-27 21:06:48,385",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5423
          },
          {
            "timestamp": "2026-04-27 21:06:48,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5424
          },
          {
            "timestamp": "2026-04-27 21:06:48,463",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5425
          },
          {
            "timestamp": "2026-04-27 21:06:48,463",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5426
          },
          {
            "timestamp": "2026-04-27 21:06:48,463",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5427
          },
          {
            "timestamp": "2026-04-27 21:06:48,478",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5428
          },
          {
            "timestamp": "2026-04-27 21:06:48,478",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5429
          },
          {
            "timestamp": "2026-04-27 21:06:48,541",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5430
          },
          {
            "timestamp": "2026-04-27 21:06:48,541",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5431
          },
          {
            "timestamp": "2026-04-27 21:06:48,541",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5432
          },
          {
            "timestamp": "2026-04-27 21:06:48,603",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5433
          },
          {
            "timestamp": "2026-04-27 21:06:48,603",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5434
          },
          {
            "timestamp": "2026-04-27 21:06:48,603",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5435
          },
          {
            "timestamp": "2026-04-27 21:06:48,697",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5436
          },
          {
            "timestamp": "2026-04-27 21:06:48,697",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5437
          },
          {
            "timestamp": "2026-04-27 21:06:48,697",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5438
          },
          {
            "timestamp": "2026-04-27 21:06:48,697",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5439
          },
          {
            "timestamp": "2026-04-27 21:06:48,697",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5440
          },
          {
            "timestamp": "2026-04-27 21:06:48,791",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5441
          },
          {
            "timestamp": "2026-04-27 21:06:48,791",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5442
          },
          {
            "timestamp": "2026-04-27 21:06:48,791",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5443
          },
          {
            "timestamp": "2026-04-27 21:06:48,869",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5444
          },
          {
            "timestamp": "2026-04-27 21:06:48,869",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5445
          },
          {
            "timestamp": "2026-04-27 21:06:48,869",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 5446
          },
          {
            "timestamp": "2026-04-27 21:06:48,947",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5447
          },
          {
            "timestamp": "2026-04-27 21:06:48,947",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5448
          },
          {
            "timestamp": "2026-04-27 21:06:49,010",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5449
          },
          {
            "timestamp": "2026-04-27 21:06:49,010",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5450
          },
          {
            "timestamp": "2026-04-27 21:06:49,010",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5451
          },
          {
            "timestamp": "2026-04-27 21:06:49,010",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5452
          },
          {
            "timestamp": "2026-04-27 21:06:49,010",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 5453
          },
          {
            "timestamp": "2026-04-27 21:06:49,088",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5454
          },
          {
            "timestamp": "2026-04-27 21:06:49,088",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5455
          },
          {
            "timestamp": "2026-04-27 21:06:49,150",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5456
          },
          {
            "timestamp": "2026-04-27 21:06:49,150",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5457
          },
          {
            "timestamp": "2026-04-27 21:06:49,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5458
          },
          {
            "timestamp": "2026-04-27 21:06:49,213",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5459
          },
          {
            "timestamp": "2026-04-27 21:06:49,213",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5460
          },
          {
            "timestamp": "2026-04-27 21:06:49,213",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 5461
          },
          {
            "timestamp": "2026-04-27 21:06:49,275",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5462
          },
          {
            "timestamp": "2026-04-27 21:06:49,275",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5463
          },
          {
            "timestamp": "2026-04-27 21:06:49,338",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5464
          },
          {
            "timestamp": "2026-04-27 21:06:49,338",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5465
          },
          {
            "timestamp": "2026-04-27 21:06:49,338",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5466
          },
          {
            "timestamp": "2026-04-27 21:06:49,416",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5467
          },
          {
            "timestamp": "2026-04-27 21:06:49,416",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5468
          },
          {
            "timestamp": "2026-04-27 21:06:49,416",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5469
          },
          {
            "timestamp": "2026-04-27 21:06:49,494",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5470
          },
          {
            "timestamp": "2026-04-27 21:06:49,494",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5471
          },
          {
            "timestamp": "2026-04-27 21:06:49,494",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5472
          },
          {
            "timestamp": "2026-04-27 21:06:49,541",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5473
          },
          {
            "timestamp": "2026-04-27 21:06:49,541",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5474
          },
          {
            "timestamp": "2026-04-27 21:06:49,557",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5475
          },
          {
            "timestamp": "2026-04-27 21:06:49,557",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5476
          },
          {
            "timestamp": "2026-04-27 21:06:49,557",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5477
          },
          {
            "timestamp": "2026-04-27 21:06:49,619",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5478
          },
          {
            "timestamp": "2026-04-27 21:06:49,619",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5479
          },
          {
            "timestamp": "2026-04-27 21:06:49,619",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5480
          },
          {
            "timestamp": "2026-04-27 21:06:49,682",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5481
          },
          {
            "timestamp": "2026-04-27 21:06:49,682",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5482
          },
          {
            "timestamp": "2026-04-27 21:06:49,682",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 5483
          },
          {
            "timestamp": "2026-04-27 21:06:49,728",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5484
          },
          {
            "timestamp": "2026-04-27 21:06:49,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5485
          },
          {
            "timestamp": "2026-04-27 21:06:49,728",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 5486
          },
          {
            "timestamp": "2026-04-27 21:06:49,744",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5487
          },
          {
            "timestamp": "2026-04-27 21:06:49,744",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5488
          },
          {
            "timestamp": "2026-04-27 21:06:49,744",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5489
          },
          {
            "timestamp": "2026-04-27 21:06:49,807",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5490
          },
          {
            "timestamp": "2026-04-27 21:06:49,807",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5491
          },
          {
            "timestamp": "2026-04-27 21:06:49,807",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5492
          },
          {
            "timestamp": "2026-04-27 21:06:49,869",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5493
          },
          {
            "timestamp": "2026-04-27 21:06:49,869",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5494
          },
          {
            "timestamp": "2026-04-27 21:06:49,869",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5495
          },
          {
            "timestamp": "2026-04-27 21:06:49,932",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5496
          },
          {
            "timestamp": "2026-04-27 21:06:49,932",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5497
          },
          {
            "timestamp": "2026-04-27 21:06:49,932",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5498
          },
          {
            "timestamp": "2026-04-27 21:06:49,932",
            "thread_id": "7312",
            "caller": "0x0864bfc4",
            "parentcaller": "0x0864beb7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0702d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5499
          },
          {
            "timestamp": "2026-04-27 21:06:49,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5500
          },
          {
            "timestamp": "2026-04-27 21:06:49,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5501
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "6988",
            "caller": "0x710a0830",
            "parentcaller": "0x71093611",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1636"
              }
            ],
            "repeated": 0,
            "id": 5502
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "2068",
            "caller": "0x077f18e0",
            "parentcaller": "0x0864c324",
            "category": "network",
            "api": "DnsQuery_A",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "nnzn.sa.com"
              },
              {
                "name": "Type",
                "value": "1"
              },
              {
                "name": "Options",
                "value": "0x00000048"
              }
            ],
            "repeated": 0,
            "id": 5503
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "2068",
            "caller": "0x077f1998",
            "parentcaller": "0x0864d998",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000664",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1636"
              }
            ],
            "repeated": 0,
            "id": 5504
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "2068",
            "caller": "0x077f0a53",
            "parentcaller": "0x0864c650",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1636"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5505
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "2068",
            "caller": "0x077f2a15",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1636"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5506
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "2068",
            "caller": "0x0864da34",
            "parentcaller": "0x0864c650",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000664"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xcc\\x04\\x00\\x00\\x9a\\xda\\xa9s"
              }
            ],
            "repeated": 0,
            "id": 5507
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "2068",
            "caller": "0x0292acfb",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1636"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "104.21.33.27"
              },
              {
                "name": "port",
                "value": "443"
              }
            ],
            "repeated": 0,
            "id": 5508
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "2068",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 5509
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "7312",
            "caller": "0x737e55cd",
            "parentcaller": "0x7380b77c",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5510
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "6988",
            "caller": "0x7726269a",
            "parentcaller": "0x7108b4f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 5511
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5512
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5513
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "1796",
            "caller": "0x077f2bf3",
            "parentcaller": "0x00000000",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1636"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00007010"
              },
              {
                "name": "optval",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5514
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "1796",
            "caller": "0x0864e067",
            "parentcaller": "0x0864dfda",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5515
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0cc",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 5516
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0df",
            "category": "misc",
            "api": "GetUserNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Name",
                "value": "cape"
              }
            ],
            "repeated": 0,
            "id": 5517
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "72"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5518
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3"
              },
              {
                "name": "Length",
                "value": "16"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5519
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "1796",
            "caller": "0x077f2dec",
            "parentcaller": "0x0864ed7a",
            "category": "network",
            "api": "WSASend",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Socket",
                "value": "1636"
              },
              {
                "name": "Buffer",
                "value": "@\\x00\\x00\\x00m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c"
              }
            ],
            "repeated": 0,
            "id": 5520
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "1796",
            "caller": "0x077f2ee0",
            "parentcaller": "0x0864edcf",
            "category": "network",
            "api": "WSARecv",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1636"
              }
            ],
            "repeated": 0,
            "id": 5521
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "1796",
            "caller": "0x0290a7be",
            "parentcaller": "0x0864f1bd",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1636"
              }
            ],
            "repeated": 0,
            "id": 5522
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "1796",
            "caller": "0x0290bbbb",
            "parentcaller": "0x051ed61d",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00030190"
              },
              {
                "name": "Message",
                "value": "0x0000c1b0"
              }
            ],
            "repeated": 0,
            "id": 5523
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "1796",
            "caller": "0x0290b109",
            "parentcaller": "0x051ed61d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003c4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\x8d\\x00\\xf8\\x19\\x00\\x00,\\x1a\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6700"
              }
            ],
            "repeated": 0,
            "id": 5524
          },
          {
            "timestamp": "2026-04-27 21:06:49,963",
            "thread_id": "7312",
            "caller": "0x0864f6d8",
            "parentcaller": "0x0864f6ae",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 5525
          },
          {
            "timestamp": "2026-04-27 21:06:49,994",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5526
          },
          {
            "timestamp": "2026-04-27 21:06:49,994",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5527
          },
          {
            "timestamp": "2026-04-27 21:06:50,010",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5528
          },
          {
            "timestamp": "2026-04-27 21:06:50,010",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5529
          },
          {
            "timestamp": "2026-04-27 21:06:50,010",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5530
          },
          {
            "timestamp": "2026-04-27 21:06:50,057",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5531
          },
          {
            "timestamp": "2026-04-27 21:06:50,057",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5532
          },
          {
            "timestamp": "2026-04-27 21:06:50,072",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5533
          },
          {
            "timestamp": "2026-04-27 21:06:50,072",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5534
          },
          {
            "timestamp": "2026-04-27 21:06:50,072",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5535
          },
          {
            "timestamp": "2026-04-27 21:06:50,135",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5536
          },
          {
            "timestamp": "2026-04-27 21:06:50,135",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5537
          },
          {
            "timestamp": "2026-04-27 21:06:50,135",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5538
          },
          {
            "timestamp": "2026-04-27 21:06:50,197",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5539
          },
          {
            "timestamp": "2026-04-27 21:06:50,197",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5540
          },
          {
            "timestamp": "2026-04-27 21:06:50,197",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5541
          },
          {
            "timestamp": "2026-04-27 21:06:50,260",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5542
          },
          {
            "timestamp": "2026-04-27 21:06:50,260",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5543
          },
          {
            "timestamp": "2026-04-27 21:06:50,260",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5544
          },
          {
            "timestamp": "2026-04-27 21:06:50,322",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5545
          },
          {
            "timestamp": "2026-04-27 21:06:50,322",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5546
          },
          {
            "timestamp": "2026-04-27 21:06:50,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5547
          },
          {
            "timestamp": "2026-04-27 21:06:50,385",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5548
          },
          {
            "timestamp": "2026-04-27 21:06:50,385",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5549
          },
          {
            "timestamp": "2026-04-27 21:06:50,400",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5550
          },
          {
            "timestamp": "2026-04-27 21:06:50,478",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5551
          },
          {
            "timestamp": "2026-04-27 21:06:50,478",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5552
          },
          {
            "timestamp": "2026-04-27 21:06:50,478",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5553
          },
          {
            "timestamp": "2026-04-27 21:06:50,603",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5554
          },
          {
            "timestamp": "2026-04-27 21:06:50,603",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5555
          },
          {
            "timestamp": "2026-04-27 21:06:50,603",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5556
          },
          {
            "timestamp": "2026-04-27 21:06:50,650",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5557
          },
          {
            "timestamp": "2026-04-27 21:06:50,650",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5558
          },
          {
            "timestamp": "2026-04-27 21:06:50,666",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5559
          },
          {
            "timestamp": "2026-04-27 21:06:50,666",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5560
          },
          {
            "timestamp": "2026-04-27 21:06:50,666",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5561
          },
          {
            "timestamp": "2026-04-27 21:06:50,728",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5562
          },
          {
            "timestamp": "2026-04-27 21:06:50,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5563
          },
          {
            "timestamp": "2026-04-27 21:06:50,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5564
          },
          {
            "timestamp": "2026-04-27 21:06:50,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5565
          },
          {
            "timestamp": "2026-04-27 21:06:50,728",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5566
          },
          {
            "timestamp": "2026-04-27 21:06:50,791",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5567
          },
          {
            "timestamp": "2026-04-27 21:06:50,791",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5568
          },
          {
            "timestamp": "2026-04-27 21:06:50,791",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5569
          },
          {
            "timestamp": "2026-04-27 21:06:50,853",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5570
          },
          {
            "timestamp": "2026-04-27 21:06:50,853",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5571
          },
          {
            "timestamp": "2026-04-27 21:06:50,853",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5572
          },
          {
            "timestamp": "2026-04-27 21:06:50,947",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5573
          },
          {
            "timestamp": "2026-04-27 21:06:50,947",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5574
          },
          {
            "timestamp": "2026-04-27 21:06:50,947",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5575
          },
          {
            "timestamp": "2026-04-27 21:06:51,010",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5576
          },
          {
            "timestamp": "2026-04-27 21:06:51,010",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5577
          },
          {
            "timestamp": "2026-04-27 21:06:51,010",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5578
          },
          {
            "timestamp": "2026-04-27 21:06:51,072",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5579
          },
          {
            "timestamp": "2026-04-27 21:06:51,072",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5580
          },
          {
            "timestamp": "2026-04-27 21:06:51,072",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5581
          },
          {
            "timestamp": "2026-04-27 21:06:51,135",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5582
          },
          {
            "timestamp": "2026-04-27 21:06:51,135",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5583
          },
          {
            "timestamp": "2026-04-27 21:06:51,135",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5584
          },
          {
            "timestamp": "2026-04-27 21:06:51,166",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5585
          },
          {
            "timestamp": "2026-04-27 21:06:51,166",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5586
          },
          {
            "timestamp": "2026-04-27 21:06:51,213",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5587
          },
          {
            "timestamp": "2026-04-27 21:06:51,213",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5588
          },
          {
            "timestamp": "2026-04-27 21:06:51,213",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5589
          },
          {
            "timestamp": "2026-04-27 21:06:51,275",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5590
          },
          {
            "timestamp": "2026-04-27 21:06:51,275",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5591
          },
          {
            "timestamp": "2026-04-27 21:06:51,275",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5592
          },
          {
            "timestamp": "2026-04-27 21:06:51,338",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5593
          },
          {
            "timestamp": "2026-04-27 21:06:51,338",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5594
          },
          {
            "timestamp": "2026-04-27 21:06:51,338",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5595
          },
          {
            "timestamp": "2026-04-27 21:06:51,400",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5596
          },
          {
            "timestamp": "2026-04-27 21:06:51,400",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5597
          },
          {
            "timestamp": "2026-04-27 21:06:51,400",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5598
          },
          {
            "timestamp": "2026-04-27 21:06:51,494",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5599
          },
          {
            "timestamp": "2026-04-27 21:06:51,494",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5600
          },
          {
            "timestamp": "2026-04-27 21:06:51,494",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5601
          },
          {
            "timestamp": "2026-04-27 21:06:51,588",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5602
          },
          {
            "timestamp": "2026-04-27 21:06:51,588",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5603
          },
          {
            "timestamp": "2026-04-27 21:06:51,588",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5604
          },
          {
            "timestamp": "2026-04-27 21:06:51,650",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5605
          },
          {
            "timestamp": "2026-04-27 21:06:51,650",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5606
          },
          {
            "timestamp": "2026-04-27 21:06:51,650",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5607
          },
          {
            "timestamp": "2026-04-27 21:06:51,682",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5608
          },
          {
            "timestamp": "2026-04-27 21:06:51,682",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5609
          },
          {
            "timestamp": "2026-04-27 21:06:51,728",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5610
          },
          {
            "timestamp": "2026-04-27 21:06:51,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5611
          },
          {
            "timestamp": "2026-04-27 21:06:51,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5612
          },
          {
            "timestamp": "2026-04-27 21:06:51,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5613
          },
          {
            "timestamp": "2026-04-27 21:06:51,728",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5614
          },
          {
            "timestamp": "2026-04-27 21:06:51,791",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5615
          },
          {
            "timestamp": "2026-04-27 21:06:51,791",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5616
          },
          {
            "timestamp": "2026-04-27 21:06:51,791",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5617
          },
          {
            "timestamp": "2026-04-27 21:06:51,853",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5618
          },
          {
            "timestamp": "2026-04-27 21:06:51,853",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5619
          },
          {
            "timestamp": "2026-04-27 21:06:51,853",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5620
          },
          {
            "timestamp": "2026-04-27 21:06:51,916",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5621
          },
          {
            "timestamp": "2026-04-27 21:06:51,916",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5622
          },
          {
            "timestamp": "2026-04-27 21:06:51,916",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5623
          },
          {
            "timestamp": "2026-04-27 21:06:51,978",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5624
          },
          {
            "timestamp": "2026-04-27 21:06:51,978",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5625
          },
          {
            "timestamp": "2026-04-27 21:06:51,978",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5626
          },
          {
            "timestamp": "2026-04-27 21:06:52,041",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5627
          },
          {
            "timestamp": "2026-04-27 21:06:52,041",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5628
          },
          {
            "timestamp": "2026-04-27 21:06:52,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5629
          },
          {
            "timestamp": "2026-04-27 21:06:52,103",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5630
          },
          {
            "timestamp": "2026-04-27 21:06:52,103",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5631
          },
          {
            "timestamp": "2026-04-27 21:06:52,103",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5632
          },
          {
            "timestamp": "2026-04-27 21:06:52,166",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5633
          },
          {
            "timestamp": "2026-04-27 21:06:52,166",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5634
          },
          {
            "timestamp": "2026-04-27 21:06:52,166",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5635
          },
          {
            "timestamp": "2026-04-27 21:06:52,213",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5636
          },
          {
            "timestamp": "2026-04-27 21:06:52,213",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5637
          },
          {
            "timestamp": "2026-04-27 21:06:52,228",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5638
          },
          {
            "timestamp": "2026-04-27 21:06:52,228",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5639
          },
          {
            "timestamp": "2026-04-27 21:06:52,228",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 5640
          },
          {
            "timestamp": "2026-04-27 21:06:52,291",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5641
          },
          {
            "timestamp": "2026-04-27 21:06:52,291",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5642
          },
          {
            "timestamp": "2026-04-27 21:06:52,369",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5643
          },
          {
            "timestamp": "2026-04-27 21:06:52,369",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5644
          },
          {
            "timestamp": "2026-04-27 21:06:52,369",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5645
          },
          {
            "timestamp": "2026-04-27 21:06:52,447",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5646
          },
          {
            "timestamp": "2026-04-27 21:06:52,447",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5647
          },
          {
            "timestamp": "2026-04-27 21:06:52,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 5648
          },
          {
            "timestamp": "2026-04-27 21:06:52,603",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5649
          },
          {
            "timestamp": "2026-04-27 21:06:52,603",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5650
          },
          {
            "timestamp": "2026-04-27 21:06:52,603",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5651
          },
          {
            "timestamp": "2026-04-27 21:06:52,666",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5652
          },
          {
            "timestamp": "2026-04-27 21:06:52,666",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5653
          },
          {
            "timestamp": "2026-04-27 21:06:52,666",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5654
          },
          {
            "timestamp": "2026-04-27 21:06:52,728",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5655
          },
          {
            "timestamp": "2026-04-27 21:06:52,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5656
          },
          {
            "timestamp": "2026-04-27 21:06:52,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5657
          },
          {
            "timestamp": "2026-04-27 21:06:52,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5658
          },
          {
            "timestamp": "2026-04-27 21:06:52,728",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5659
          },
          {
            "timestamp": "2026-04-27 21:06:52,728",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5660
          },
          {
            "timestamp": "2026-04-27 21:06:52,728",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5661
          },
          {
            "timestamp": "2026-04-27 21:06:52,791",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5662
          },
          {
            "timestamp": "2026-04-27 21:06:52,791",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5663
          },
          {
            "timestamp": "2026-04-27 21:06:52,791",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5664
          },
          {
            "timestamp": "2026-04-27 21:06:52,869",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5665
          },
          {
            "timestamp": "2026-04-27 21:06:52,869",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5666
          },
          {
            "timestamp": "2026-04-27 21:06:52,869",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5667
          },
          {
            "timestamp": "2026-04-27 21:06:52,932",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5668
          },
          {
            "timestamp": "2026-04-27 21:06:52,932",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5669
          },
          {
            "timestamp": "2026-04-27 21:06:52,932",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5670
          },
          {
            "timestamp": "2026-04-27 21:06:52,994",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5671
          },
          {
            "timestamp": "2026-04-27 21:06:52,994",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5672
          },
          {
            "timestamp": "2026-04-27 21:06:52,994",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5673
          },
          {
            "timestamp": "2026-04-27 21:06:53,057",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5674
          },
          {
            "timestamp": "2026-04-27 21:06:53,057",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5675
          },
          {
            "timestamp": "2026-04-27 21:06:53,057",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 5676
          },
          {
            "timestamp": "2026-04-27 21:06:53,135",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5677
          },
          {
            "timestamp": "2026-04-27 21:06:53,135",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5678
          },
          {
            "timestamp": "2026-04-27 21:06:53,213",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5679
          },
          {
            "timestamp": "2026-04-27 21:06:53,213",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5680
          },
          {
            "timestamp": "2026-04-27 21:06:53,213",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5681
          },
          {
            "timestamp": "2026-04-27 21:06:53,244",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5682
          },
          {
            "timestamp": "2026-04-27 21:06:53,244",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5683
          },
          {
            "timestamp": "2026-04-27 21:06:53,275",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5684
          },
          {
            "timestamp": "2026-04-27 21:06:53,275",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5685
          },
          {
            "timestamp": "2026-04-27 21:06:53,275",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5686
          },
          {
            "timestamp": "2026-04-27 21:06:53,338",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5687
          },
          {
            "timestamp": "2026-04-27 21:06:53,338",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5688
          },
          {
            "timestamp": "2026-04-27 21:06:53,338",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5689
          },
          {
            "timestamp": "2026-04-27 21:06:53,400",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5690
          },
          {
            "timestamp": "2026-04-27 21:06:53,400",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5691
          },
          {
            "timestamp": "2026-04-27 21:06:53,400",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5692
          },
          {
            "timestamp": "2026-04-27 21:06:53,463",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5693
          },
          {
            "timestamp": "2026-04-27 21:06:53,463",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5694
          },
          {
            "timestamp": "2026-04-27 21:06:53,463",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5695
          },
          {
            "timestamp": "2026-04-27 21:06:53,525",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5696
          },
          {
            "timestamp": "2026-04-27 21:06:53,525",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5697
          },
          {
            "timestamp": "2026-04-27 21:06:53,525",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5698
          },
          {
            "timestamp": "2026-04-27 21:06:53,603",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5699
          },
          {
            "timestamp": "2026-04-27 21:06:53,603",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5700
          },
          {
            "timestamp": "2026-04-27 21:06:53,603",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5701
          },
          {
            "timestamp": "2026-04-27 21:06:53,666",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5702
          },
          {
            "timestamp": "2026-04-27 21:06:53,666",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5703
          },
          {
            "timestamp": "2026-04-27 21:06:53,666",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5704
          },
          {
            "timestamp": "2026-04-27 21:06:53,728",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5705
          },
          {
            "timestamp": "2026-04-27 21:06:53,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5706
          },
          {
            "timestamp": "2026-04-27 21:06:53,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5707
          },
          {
            "timestamp": "2026-04-27 21:06:53,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5708
          },
          {
            "timestamp": "2026-04-27 21:06:53,728",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5709
          },
          {
            "timestamp": "2026-04-27 21:06:53,760",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5710
          },
          {
            "timestamp": "2026-04-27 21:06:53,760",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5711
          },
          {
            "timestamp": "2026-04-27 21:06:53,807",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5712
          },
          {
            "timestamp": "2026-04-27 21:06:53,807",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5713
          },
          {
            "timestamp": "2026-04-27 21:06:53,807",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5714
          },
          {
            "timestamp": "2026-04-27 21:06:53,869",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5715
          },
          {
            "timestamp": "2026-04-27 21:06:53,869",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5716
          },
          {
            "timestamp": "2026-04-27 21:06:53,869",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5717
          },
          {
            "timestamp": "2026-04-27 21:06:53,932",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5718
          },
          {
            "timestamp": "2026-04-27 21:06:53,932",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5719
          },
          {
            "timestamp": "2026-04-27 21:06:53,932",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5720
          },
          {
            "timestamp": "2026-04-27 21:06:53,978",
            "thread_id": "7312",
            "caller": "0x0864bfc4",
            "parentcaller": "0x0864beb7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0704d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5721
          },
          {
            "timestamp": "2026-04-27 21:06:53,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5722
          },
          {
            "timestamp": "2026-04-27 21:06:53,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5723
          },
          {
            "timestamp": "2026-04-27 21:06:53,994",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5724
          },
          {
            "timestamp": "2026-04-27 21:06:53,994",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5725
          },
          {
            "timestamp": "2026-04-27 21:06:53,994",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5726
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5727
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5728
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5729
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "6988",
            "caller": "0x710a0830",
            "parentcaller": "0x71093611",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1640"
              }
            ],
            "repeated": 0,
            "id": 5730
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "2068",
            "caller": "0x077f18e0",
            "parentcaller": "0x0864c324",
            "category": "network",
            "api": "DnsQuery_A",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "nnzn.sa.com"
              },
              {
                "name": "Type",
                "value": "1"
              },
              {
                "name": "Options",
                "value": "0x00000048"
              }
            ],
            "repeated": 0,
            "id": 5731
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "2068",
            "caller": "0x0864c6f4",
            "parentcaller": "0x0864c640",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x057a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5732
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "2068",
            "caller": "0x077f1998",
            "parentcaller": "0x0864d998",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000668",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1640"
              }
            ],
            "repeated": 0,
            "id": 5733
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "2068",
            "caller": "0x077f0a53",
            "parentcaller": "0x0864c650",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1640"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5734
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "2068",
            "caller": "0x077f2a15",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1640"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5735
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "2068",
            "caller": "0x0864da34",
            "parentcaller": "0x0864c650",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000668"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xcc\\x04\\x00\\x00\\x9a\\xda\\xa9s"
              }
            ],
            "repeated": 0,
            "id": 5736
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "2068",
            "caller": "0x0292acfb",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1640"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "172.67.140.186"
              },
              {
                "name": "port",
                "value": "443"
              }
            ],
            "repeated": 0,
            "id": 5737
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "2068",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 5738
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "7312",
            "caller": "0x737e55cd",
            "parentcaller": "0x7380b77c",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5739
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "6988",
            "caller": "0x7726269a",
            "parentcaller": "0x7108b4f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 5740
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5741
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5742
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "1796",
            "caller": "0x077f2bf3",
            "parentcaller": "0x00000000",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1640"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00007010"
              },
              {
                "name": "optval",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5743
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "1796",
            "caller": "0x0864e067",
            "parentcaller": "0x0864dfda",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5744
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0cc",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 5745
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0df",
            "category": "misc",
            "api": "GetUserNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Name",
                "value": "cape"
              }
            ],
            "repeated": 0,
            "id": 5746
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "72"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5747
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3"
              },
              {
                "name": "Length",
                "value": "16"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5748
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "1796",
            "caller": "0x077f2dec",
            "parentcaller": "0x0864ed7a",
            "category": "network",
            "api": "WSASend",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Socket",
                "value": "1640"
              },
              {
                "name": "Buffer",
                "value": "@\\x00\\x00\\x00m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c"
              }
            ],
            "repeated": 0,
            "id": 5749
          },
          {
            "timestamp": "2026-04-27 21:06:54,057",
            "thread_id": "1796",
            "caller": "0x077f2ee0",
            "parentcaller": "0x0864edcf",
            "category": "network",
            "api": "WSARecv",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1640"
              }
            ],
            "repeated": 0,
            "id": 5750
          },
          {
            "timestamp": "2026-04-27 21:06:54,072",
            "thread_id": "3892",
            "caller": "0x0290a7be",
            "parentcaller": "0x0864f1bd",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1640"
              }
            ],
            "repeated": 0,
            "id": 5751
          },
          {
            "timestamp": "2026-04-27 21:06:54,072",
            "thread_id": "3892",
            "caller": "0x0290bbbb",
            "parentcaller": "0x051ed61d",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00030190"
              },
              {
                "name": "Message",
                "value": "0x0000c1b0"
              }
            ],
            "repeated": 0,
            "id": 5752
          },
          {
            "timestamp": "2026-04-27 21:06:54,072",
            "thread_id": "3892",
            "caller": "0x0290b109",
            "parentcaller": "0x051ed61d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003c4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\x8d\\x00\\xf8\\x19\\x00\\x00,\\x1a\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6700"
              }
            ],
            "repeated": 0,
            "id": 5753
          },
          {
            "timestamp": "2026-04-27 21:06:54,072",
            "thread_id": "7312",
            "caller": "0x0864f6d8",
            "parentcaller": "0x0864f6ae",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 5754
          },
          {
            "timestamp": "2026-04-27 21:06:54,088",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5755
          },
          {
            "timestamp": "2026-04-27 21:06:54,088",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5756
          },
          {
            "timestamp": "2026-04-27 21:06:54,119",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5757
          },
          {
            "timestamp": "2026-04-27 21:06:54,119",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5758
          },
          {
            "timestamp": "2026-04-27 21:06:54,119",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5759
          },
          {
            "timestamp": "2026-04-27 21:06:54,182",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5760
          },
          {
            "timestamp": "2026-04-27 21:06:54,182",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5761
          },
          {
            "timestamp": "2026-04-27 21:06:54,182",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5762
          },
          {
            "timestamp": "2026-04-27 21:06:54,244",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5763
          },
          {
            "timestamp": "2026-04-27 21:06:54,244",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5764
          },
          {
            "timestamp": "2026-04-27 21:06:54,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5765
          },
          {
            "timestamp": "2026-04-27 21:06:54,275",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5766
          },
          {
            "timestamp": "2026-04-27 21:06:54,275",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5767
          },
          {
            "timestamp": "2026-04-27 21:06:54,307",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5768
          },
          {
            "timestamp": "2026-04-27 21:06:54,307",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5769
          },
          {
            "timestamp": "2026-04-27 21:06:54,307",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5770
          },
          {
            "timestamp": "2026-04-27 21:06:54,369",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5771
          },
          {
            "timestamp": "2026-04-27 21:06:54,369",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5772
          },
          {
            "timestamp": "2026-04-27 21:06:54,369",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5773
          },
          {
            "timestamp": "2026-04-27 21:06:54,432",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5774
          },
          {
            "timestamp": "2026-04-27 21:06:54,432",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5775
          },
          {
            "timestamp": "2026-04-27 21:06:54,432",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5776
          },
          {
            "timestamp": "2026-04-27 21:06:54,510",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5777
          },
          {
            "timestamp": "2026-04-27 21:06:54,510",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5778
          },
          {
            "timestamp": "2026-04-27 21:06:54,510",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5779
          },
          {
            "timestamp": "2026-04-27 21:06:54,572",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5780
          },
          {
            "timestamp": "2026-04-27 21:06:54,572",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5781
          },
          {
            "timestamp": "2026-04-27 21:06:54,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5782
          },
          {
            "timestamp": "2026-04-27 21:06:54,635",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5783
          },
          {
            "timestamp": "2026-04-27 21:06:54,635",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5784
          },
          {
            "timestamp": "2026-04-27 21:06:54,635",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5785
          },
          {
            "timestamp": "2026-04-27 21:06:54,697",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5786
          },
          {
            "timestamp": "2026-04-27 21:06:54,697",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5787
          },
          {
            "timestamp": "2026-04-27 21:06:54,697",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "31"
              }
            ],
            "repeated": 0,
            "id": 5788
          },
          {
            "timestamp": "2026-04-27 21:06:54,744",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5789
          },
          {
            "timestamp": "2026-04-27 21:06:54,744",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5790
          },
          {
            "timestamp": "2026-04-27 21:06:54,744",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5791
          },
          {
            "timestamp": "2026-04-27 21:06:54,760",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5792
          },
          {
            "timestamp": "2026-04-27 21:06:54,760",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5793
          },
          {
            "timestamp": "2026-04-27 21:06:54,760",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5794
          },
          {
            "timestamp": "2026-04-27 21:06:54,791",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5795
          },
          {
            "timestamp": "2026-04-27 21:06:54,791",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5796
          },
          {
            "timestamp": "2026-04-27 21:06:54,822",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5797
          },
          {
            "timestamp": "2026-04-27 21:06:54,822",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5798
          },
          {
            "timestamp": "2026-04-27 21:06:54,822",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 5799
          },
          {
            "timestamp": "2026-04-27 21:06:54,916",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5800
          },
          {
            "timestamp": "2026-04-27 21:06:54,916",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5801
          },
          {
            "timestamp": "2026-04-27 21:06:55,010",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5802
          },
          {
            "timestamp": "2026-04-27 21:06:55,010",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5803
          },
          {
            "timestamp": "2026-04-27 21:06:55,010",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5804
          },
          {
            "timestamp": "2026-04-27 21:06:55,072",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5805
          },
          {
            "timestamp": "2026-04-27 21:06:55,072",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5806
          },
          {
            "timestamp": "2026-04-27 21:06:55,072",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5807
          },
          {
            "timestamp": "2026-04-27 21:06:55,150",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5808
          },
          {
            "timestamp": "2026-04-27 21:06:55,150",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5809
          },
          {
            "timestamp": "2026-04-27 21:06:55,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 5810
          },
          {
            "timestamp": "2026-04-27 21:06:55,213",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5811
          },
          {
            "timestamp": "2026-04-27 21:06:55,213",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5812
          },
          {
            "timestamp": "2026-04-27 21:06:55,275",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5813
          },
          {
            "timestamp": "2026-04-27 21:06:55,275",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5814
          },
          {
            "timestamp": "2026-04-27 21:06:55,275",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5815
          },
          {
            "timestamp": "2026-04-27 21:06:55,307",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5816
          },
          {
            "timestamp": "2026-04-27 21:06:55,307",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5817
          },
          {
            "timestamp": "2026-04-27 21:06:55,353",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5818
          },
          {
            "timestamp": "2026-04-27 21:06:55,353",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5819
          },
          {
            "timestamp": "2026-04-27 21:06:55,353",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 5820
          },
          {
            "timestamp": "2026-04-27 21:06:55,432",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5821
          },
          {
            "timestamp": "2026-04-27 21:06:55,432",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5822
          },
          {
            "timestamp": "2026-04-27 21:06:55,494",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5823
          },
          {
            "timestamp": "2026-04-27 21:06:55,494",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5824
          },
          {
            "timestamp": "2026-04-27 21:06:55,494",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5825
          },
          {
            "timestamp": "2026-04-27 21:06:55,557",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5826
          },
          {
            "timestamp": "2026-04-27 21:06:55,557",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5827
          },
          {
            "timestamp": "2026-04-27 21:06:55,557",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5828
          },
          {
            "timestamp": "2026-04-27 21:06:55,619",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5829
          },
          {
            "timestamp": "2026-04-27 21:06:55,619",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5830
          },
          {
            "timestamp": "2026-04-27 21:06:55,619",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5831
          },
          {
            "timestamp": "2026-04-27 21:06:55,682",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5832
          },
          {
            "timestamp": "2026-04-27 21:06:55,682",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5833
          },
          {
            "timestamp": "2026-04-27 21:06:55,682",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5834
          },
          {
            "timestamp": "2026-04-27 21:06:55,760",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5835
          },
          {
            "timestamp": "2026-04-27 21:06:55,760",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5836
          },
          {
            "timestamp": "2026-04-27 21:06:55,760",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5837
          },
          {
            "timestamp": "2026-04-27 21:06:55,760",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5838
          },
          {
            "timestamp": "2026-04-27 21:06:55,760",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5839
          },
          {
            "timestamp": "2026-04-27 21:06:55,822",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5840
          },
          {
            "timestamp": "2026-04-27 21:06:55,822",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5841
          },
          {
            "timestamp": "2026-04-27 21:06:55,822",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5842
          },
          {
            "timestamp": "2026-04-27 21:06:55,822",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5843
          },
          {
            "timestamp": "2026-04-27 21:06:55,822",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5844
          },
          {
            "timestamp": "2026-04-27 21:06:55,885",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5845
          },
          {
            "timestamp": "2026-04-27 21:06:55,885",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5846
          },
          {
            "timestamp": "2026-04-27 21:06:55,885",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5847
          },
          {
            "timestamp": "2026-04-27 21:06:55,916",
            "thread_id": "3676",
            "caller": "0x76938f18",
            "parentcaller": "0x76938dcd",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 5848
          },
          {
            "timestamp": "2026-04-27 21:06:55,947",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5849
          },
          {
            "timestamp": "2026-04-27 21:06:55,947",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5850
          },
          {
            "timestamp": "2026-04-27 21:06:55,947",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5851
          },
          {
            "timestamp": "2026-04-27 21:06:56,010",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5852
          },
          {
            "timestamp": "2026-04-27 21:06:56,010",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5853
          },
          {
            "timestamp": "2026-04-27 21:06:56,010",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5854
          },
          {
            "timestamp": "2026-04-27 21:06:56,088",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5855
          },
          {
            "timestamp": "2026-04-27 21:06:56,088",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5856
          },
          {
            "timestamp": "2026-04-27 21:06:56,088",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5857
          },
          {
            "timestamp": "2026-04-27 21:06:56,150",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5858
          },
          {
            "timestamp": "2026-04-27 21:06:56,150",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5859
          },
          {
            "timestamp": "2026-04-27 21:06:56,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5860
          },
          {
            "timestamp": "2026-04-27 21:06:56,213",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5861
          },
          {
            "timestamp": "2026-04-27 21:06:56,213",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5862
          },
          {
            "timestamp": "2026-04-27 21:06:56,213",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5863
          },
          {
            "timestamp": "2026-04-27 21:06:56,275",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5864
          },
          {
            "timestamp": "2026-04-27 21:06:56,275",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5865
          },
          {
            "timestamp": "2026-04-27 21:06:56,275",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5866
          },
          {
            "timestamp": "2026-04-27 21:06:56,338",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5867
          },
          {
            "timestamp": "2026-04-27 21:06:56,338",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5868
          },
          {
            "timestamp": "2026-04-27 21:06:56,338",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5869
          },
          {
            "timestamp": "2026-04-27 21:06:56,338",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5870
          },
          {
            "timestamp": "2026-04-27 21:06:56,338",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5871
          },
          {
            "timestamp": "2026-04-27 21:06:56,400",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5872
          },
          {
            "timestamp": "2026-04-27 21:06:56,400",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5873
          },
          {
            "timestamp": "2026-04-27 21:06:56,400",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5874
          },
          {
            "timestamp": "2026-04-27 21:06:56,463",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5875
          },
          {
            "timestamp": "2026-04-27 21:06:56,463",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5876
          },
          {
            "timestamp": "2026-04-27 21:06:56,463",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5877
          },
          {
            "timestamp": "2026-04-27 21:06:56,525",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5878
          },
          {
            "timestamp": "2026-04-27 21:06:56,525",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5879
          },
          {
            "timestamp": "2026-04-27 21:06:56,525",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5880
          },
          {
            "timestamp": "2026-04-27 21:06:56,588",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5881
          },
          {
            "timestamp": "2026-04-27 21:06:56,588",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5882
          },
          {
            "timestamp": "2026-04-27 21:06:56,588",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5883
          },
          {
            "timestamp": "2026-04-27 21:06:56,650",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5884
          },
          {
            "timestamp": "2026-04-27 21:06:56,650",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5885
          },
          {
            "timestamp": "2026-04-27 21:06:56,650",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5886
          },
          {
            "timestamp": "2026-04-27 21:06:56,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5887
          },
          {
            "timestamp": "2026-04-27 21:06:56,728",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5888
          },
          {
            "timestamp": "2026-04-27 21:06:56,728",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "32"
              }
            ],
            "repeated": 0,
            "id": 5889
          },
          {
            "timestamp": "2026-04-27 21:06:56,775",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5890
          },
          {
            "timestamp": "2026-04-27 21:06:56,775",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5891
          },
          {
            "timestamp": "2026-04-27 21:06:56,775",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 5892
          },
          {
            "timestamp": "2026-04-27 21:06:56,791",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5893
          },
          {
            "timestamp": "2026-04-27 21:06:56,791",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5894
          },
          {
            "timestamp": "2026-04-27 21:06:56,791",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5895
          },
          {
            "timestamp": "2026-04-27 21:06:56,853",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5896
          },
          {
            "timestamp": "2026-04-27 21:06:56,853",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5897
          },
          {
            "timestamp": "2026-04-27 21:06:56,853",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5898
          },
          {
            "timestamp": "2026-04-27 21:06:56,853",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5899
          },
          {
            "timestamp": "2026-04-27 21:06:56,853",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5900
          },
          {
            "timestamp": "2026-04-27 21:06:56,916",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5901
          },
          {
            "timestamp": "2026-04-27 21:06:56,916",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5902
          },
          {
            "timestamp": "2026-04-27 21:06:56,916",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 5903
          },
          {
            "timestamp": "2026-04-27 21:06:57,057",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5904
          },
          {
            "timestamp": "2026-04-27 21:06:57,057",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5905
          },
          {
            "timestamp": "2026-04-27 21:06:57,057",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5906
          },
          {
            "timestamp": "2026-04-27 21:06:57,119",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5907
          },
          {
            "timestamp": "2026-04-27 21:06:57,119",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5908
          },
          {
            "timestamp": "2026-04-27 21:06:57,119",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5909
          },
          {
            "timestamp": "2026-04-27 21:06:57,182",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5910
          },
          {
            "timestamp": "2026-04-27 21:06:57,182",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5911
          },
          {
            "timestamp": "2026-04-27 21:06:57,182",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5912
          },
          {
            "timestamp": "2026-04-27 21:06:57,244",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5913
          },
          {
            "timestamp": "2026-04-27 21:06:57,244",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5914
          },
          {
            "timestamp": "2026-04-27 21:06:57,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5915
          },
          {
            "timestamp": "2026-04-27 21:06:57,307",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5916
          },
          {
            "timestamp": "2026-04-27 21:06:57,307",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5917
          },
          {
            "timestamp": "2026-04-27 21:06:57,307",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5918
          },
          {
            "timestamp": "2026-04-27 21:06:57,369",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5919
          },
          {
            "timestamp": "2026-04-27 21:06:57,369",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5920
          },
          {
            "timestamp": "2026-04-27 21:06:57,369",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5921
          },
          {
            "timestamp": "2026-04-27 21:06:57,369",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5922
          },
          {
            "timestamp": "2026-04-27 21:06:57,369",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5923
          },
          {
            "timestamp": "2026-04-27 21:06:57,432",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5924
          },
          {
            "timestamp": "2026-04-27 21:06:57,432",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5925
          },
          {
            "timestamp": "2026-04-27 21:06:57,432",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5926
          },
          {
            "timestamp": "2026-04-27 21:06:57,494",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5927
          },
          {
            "timestamp": "2026-04-27 21:06:57,494",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5928
          },
          {
            "timestamp": "2026-04-27 21:06:57,494",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5929
          },
          {
            "timestamp": "2026-04-27 21:06:57,557",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5930
          },
          {
            "timestamp": "2026-04-27 21:06:57,557",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5931
          },
          {
            "timestamp": "2026-04-27 21:06:57,557",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5932
          },
          {
            "timestamp": "2026-04-27 21:06:57,619",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5933
          },
          {
            "timestamp": "2026-04-27 21:06:57,619",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5934
          },
          {
            "timestamp": "2026-04-27 21:06:57,619",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5935
          },
          {
            "timestamp": "2026-04-27 21:06:57,697",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5936
          },
          {
            "timestamp": "2026-04-27 21:06:57,697",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5937
          },
          {
            "timestamp": "2026-04-27 21:06:57,697",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5938
          },
          {
            "timestamp": "2026-04-27 21:06:57,760",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5939
          },
          {
            "timestamp": "2026-04-27 21:06:57,760",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5940
          },
          {
            "timestamp": "2026-04-27 21:06:57,760",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 5941
          },
          {
            "timestamp": "2026-04-27 21:06:57,791",
            "thread_id": "2068",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 5942
          },
          {
            "timestamp": "2026-04-27 21:06:57,791",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5943
          },
          {
            "timestamp": "2026-04-27 21:06:57,791",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "19"
              }
            ],
            "repeated": 0,
            "id": 5944
          },
          {
            "timestamp": "2026-04-27 21:06:57,822",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5945
          },
          {
            "timestamp": "2026-04-27 21:06:57,822",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5946
          },
          {
            "timestamp": "2026-04-27 21:06:57,822",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5947
          },
          {
            "timestamp": "2026-04-27 21:06:57,885",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5948
          },
          {
            "timestamp": "2026-04-27 21:06:57,885",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5949
          },
          {
            "timestamp": "2026-04-27 21:06:57,885",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5950
          },
          {
            "timestamp": "2026-04-27 21:06:57,885",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5951
          },
          {
            "timestamp": "2026-04-27 21:06:57,885",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5952
          },
          {
            "timestamp": "2026-04-27 21:06:57,978",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5953
          },
          {
            "timestamp": "2026-04-27 21:06:57,978",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5954
          },
          {
            "timestamp": "2026-04-27 21:06:57,978",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5955
          },
          {
            "timestamp": "2026-04-27 21:06:58,072",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5956
          },
          {
            "timestamp": "2026-04-27 21:06:58,072",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5957
          },
          {
            "timestamp": "2026-04-27 21:06:58,072",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5958
          },
          {
            "timestamp": "2026-04-27 21:06:58,135",
            "thread_id": "7312",
            "caller": "0x0864bfc4",
            "parentcaller": "0x0864beb7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0706d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5959
          },
          {
            "timestamp": "2026-04-27 21:06:58,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5960
          },
          {
            "timestamp": "2026-04-27 21:06:58,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5961
          },
          {
            "timestamp": "2026-04-27 21:06:58,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5962
          },
          {
            "timestamp": "2026-04-27 21:06:58,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5963
          },
          {
            "timestamp": "2026-04-27 21:06:58,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5964
          },
          {
            "timestamp": "2026-04-27 21:06:58,182",
            "thread_id": "6988",
            "caller": "0x710a0830",
            "parentcaller": "0x71093611",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1648"
              }
            ],
            "repeated": 0,
            "id": 5965
          },
          {
            "timestamp": "2026-04-27 21:06:58,182",
            "thread_id": "2068",
            "caller": "0x077f18e0",
            "parentcaller": "0x0864c324",
            "category": "network",
            "api": "DnsQuery_A",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "nnzn.sa.com"
              },
              {
                "name": "Type",
                "value": "1"
              },
              {
                "name": "Options",
                "value": "0x00000048"
              }
            ],
            "repeated": 0,
            "id": 5966
          },
          {
            "timestamp": "2026-04-27 21:06:58,182",
            "thread_id": "2068",
            "caller": "0x077f1998",
            "parentcaller": "0x0864d998",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x0000066c",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1644"
              }
            ],
            "repeated": 0,
            "id": 5967
          },
          {
            "timestamp": "2026-04-27 21:06:58,182",
            "thread_id": "2068",
            "caller": "0x077f0a53",
            "parentcaller": "0x0864c650",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1644"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5968
          },
          {
            "timestamp": "2026-04-27 21:06:58,182",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 5969
          },
          {
            "timestamp": "2026-04-27 21:06:58,182",
            "thread_id": "2068",
            "caller": "0x0864da34",
            "parentcaller": "0x0864c650",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000066c"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xcc\\x04\\x00\\x00\\x9a\\xda\\xa9s"
              }
            ],
            "repeated": 0,
            "id": 5970
          },
          {
            "timestamp": "2026-04-27 21:06:58,182",
            "thread_id": "2068",
            "caller": "0x0292acfb",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1644"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "172.67.140.186"
              },
              {
                "name": "port",
                "value": "443"
              }
            ],
            "repeated": 0,
            "id": 5971
          },
          {
            "timestamp": "2026-04-27 21:06:58,182",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5972
          },
          {
            "timestamp": "2026-04-27 21:06:58,182",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5973
          },
          {
            "timestamp": "2026-04-27 21:06:58,182",
            "thread_id": "3892",
            "caller": "0x077f2bf3",
            "parentcaller": "0x00000000",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1644"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00007010"
              },
              {
                "name": "optval",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5974
          },
          {
            "timestamp": "2026-04-27 21:06:58,182",
            "thread_id": "3892",
            "caller": "0x0864e067",
            "parentcaller": "0x0864dfda",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5975
          },
          {
            "timestamp": "2026-04-27 21:06:58,182",
            "thread_id": "3892",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0cc",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 5976
          },
          {
            "timestamp": "2026-04-27 21:06:58,182",
            "thread_id": "3892",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0df",
            "category": "misc",
            "api": "GetUserNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Name",
                "value": "cape"
              }
            ],
            "repeated": 0,
            "id": 5977
          },
          {
            "timestamp": "2026-04-27 21:06:58,182",
            "thread_id": "3892",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "72"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5978
          },
          {
            "timestamp": "2026-04-27 21:06:58,182",
            "thread_id": "3892",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3"
              },
              {
                "name": "Length",
                "value": "16"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 5979
          },
          {
            "timestamp": "2026-04-27 21:06:58,182",
            "thread_id": "3892",
            "caller": "0x077f2dec",
            "parentcaller": "0x0864ed7a",
            "category": "network",
            "api": "WSASend",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Socket",
                "value": "1644"
              },
              {
                "name": "Buffer",
                "value": "@\\x00\\x00\\x00m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c"
              }
            ],
            "repeated": 0,
            "id": 5980
          },
          {
            "timestamp": "2026-04-27 21:06:58,182",
            "thread_id": "3892",
            "caller": "0x077f2ee0",
            "parentcaller": "0x0864edcf",
            "category": "network",
            "api": "WSARecv",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1644"
              }
            ],
            "repeated": 0,
            "id": 5981
          },
          {
            "timestamp": "2026-04-27 21:06:58,182",
            "thread_id": "1796",
            "caller": "0x0290a7be",
            "parentcaller": "0x0864f1bd",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1644"
              }
            ],
            "repeated": 0,
            "id": 5982
          },
          {
            "timestamp": "2026-04-27 21:06:58,182",
            "thread_id": "1796",
            "caller": "0x0290bbbb",
            "parentcaller": "0x051ed61d",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00030190"
              },
              {
                "name": "Message",
                "value": "0x0000c1b0"
              }
            ],
            "repeated": 0,
            "id": 5983
          },
          {
            "timestamp": "2026-04-27 21:06:58,182",
            "thread_id": "1796",
            "caller": "0x0290b109",
            "parentcaller": "0x051ed61d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003c4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\x8d\\x00\\xf8\\x19\\x00\\x00,\\x1a\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6700"
              }
            ],
            "repeated": 0,
            "id": 5984
          },
          {
            "timestamp": "2026-04-27 21:06:58,182",
            "thread_id": "2068",
            "caller": "0x0864f6d8",
            "parentcaller": "0x0864f6ae",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 5985
          },
          {
            "timestamp": "2026-04-27 21:06:58,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5986
          },
          {
            "timestamp": "2026-04-27 21:06:58,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5987
          },
          {
            "timestamp": "2026-04-27 21:06:58,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5988
          },
          {
            "timestamp": "2026-04-27 21:06:58,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5989
          },
          {
            "timestamp": "2026-04-27 21:06:58,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5990
          },
          {
            "timestamp": "2026-04-27 21:06:58,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5991
          },
          {
            "timestamp": "2026-04-27 21:06:58,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5992
          },
          {
            "timestamp": "2026-04-27 21:06:58,338",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5993
          },
          {
            "timestamp": "2026-04-27 21:06:58,447",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 5994
          },
          {
            "timestamp": "2026-04-27 21:06:58,447",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 5995
          },
          {
            "timestamp": "2026-04-27 21:06:58,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5996
          },
          {
            "timestamp": "2026-04-27 21:06:58,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 5997
          },
          {
            "timestamp": "2026-04-27 21:06:58,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 5998
          },
          {
            "timestamp": "2026-04-27 21:06:58,510",
            "thread_id": "7312",
            "caller": "0x051eb1f3",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x057b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5999
          },
          {
            "timestamp": "2026-04-27 21:06:58,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6000
          },
          {
            "timestamp": "2026-04-27 21:06:58,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6001
          },
          {
            "timestamp": "2026-04-27 21:06:58,510",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6002
          },
          {
            "timestamp": "2026-04-27 21:06:58,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6003
          },
          {
            "timestamp": "2026-04-27 21:06:58,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6004
          },
          {
            "timestamp": "2026-04-27 21:06:58,588",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 6005
          },
          {
            "timestamp": "2026-04-27 21:06:58,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6006
          },
          {
            "timestamp": "2026-04-27 21:06:58,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6007
          },
          {
            "timestamp": "2026-04-27 21:06:58,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6008
          },
          {
            "timestamp": "2026-04-27 21:06:58,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6009
          },
          {
            "timestamp": "2026-04-27 21:06:58,713",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6010
          },
          {
            "timestamp": "2026-04-27 21:06:58,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6011
          },
          {
            "timestamp": "2026-04-27 21:06:58,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6012
          },
          {
            "timestamp": "2026-04-27 21:06:58,791",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "16"
              }
            ],
            "repeated": 0,
            "id": 6013
          },
          {
            "timestamp": "2026-04-27 21:06:58,807",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6014
          },
          {
            "timestamp": "2026-04-27 21:06:58,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6015
          },
          {
            "timestamp": "2026-04-27 21:06:58,807",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "18"
              }
            ],
            "repeated": 0,
            "id": 6016
          },
          {
            "timestamp": "2026-04-27 21:06:58,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6017
          },
          {
            "timestamp": "2026-04-27 21:06:58,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6018
          },
          {
            "timestamp": "2026-04-27 21:06:58,838",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6019
          },
          {
            "timestamp": "2026-04-27 21:06:58,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6020
          },
          {
            "timestamp": "2026-04-27 21:06:58,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6021
          },
          {
            "timestamp": "2026-04-27 21:06:58,900",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6022
          },
          {
            "timestamp": "2026-04-27 21:06:58,947",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6023
          },
          {
            "timestamp": "2026-04-27 21:06:58,947",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6024
          },
          {
            "timestamp": "2026-04-27 21:06:58,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6025
          },
          {
            "timestamp": "2026-04-27 21:06:58,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6026
          },
          {
            "timestamp": "2026-04-27 21:06:58,963",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6027
          },
          {
            "timestamp": "2026-04-27 21:06:59,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6028
          },
          {
            "timestamp": "2026-04-27 21:06:59,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6029
          },
          {
            "timestamp": "2026-04-27 21:06:59,025",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6030
          },
          {
            "timestamp": "2026-04-27 21:06:59,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6031
          },
          {
            "timestamp": "2026-04-27 21:06:59,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6032
          },
          {
            "timestamp": "2026-04-27 21:06:59,103",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 6033
          },
          {
            "timestamp": "2026-04-27 21:06:59,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6034
          },
          {
            "timestamp": "2026-04-27 21:06:59,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6035
          },
          {
            "timestamp": "2026-04-27 21:06:59,291",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6036
          },
          {
            "timestamp": "2026-04-27 21:06:59,291",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6037
          },
          {
            "timestamp": "2026-04-27 21:06:59,291",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6038
          },
          {
            "timestamp": "2026-04-27 21:06:59,338",
            "thread_id": "3524",
            "caller": "0x7726269a",
            "parentcaller": "0x77c7a9de",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000430"
              }
            ],
            "repeated": 0,
            "id": 6039
          },
          {
            "timestamp": "2026-04-27 21:06:59,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6040
          },
          {
            "timestamp": "2026-04-27 21:06:59,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6041
          },
          {
            "timestamp": "2026-04-27 21:06:59,369",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6042
          },
          {
            "timestamp": "2026-04-27 21:06:59,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6043
          },
          {
            "timestamp": "2026-04-27 21:06:59,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6044
          },
          {
            "timestamp": "2026-04-27 21:06:59,432",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6045
          },
          {
            "timestamp": "2026-04-27 21:06:59,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6046
          },
          {
            "timestamp": "2026-04-27 21:06:59,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6047
          },
          {
            "timestamp": "2026-04-27 21:06:59,494",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6048
          },
          {
            "timestamp": "2026-04-27 21:06:59,494",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6049
          },
          {
            "timestamp": "2026-04-27 21:06:59,494",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6050
          },
          {
            "timestamp": "2026-04-27 21:06:59,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6051
          },
          {
            "timestamp": "2026-04-27 21:06:59,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6052
          },
          {
            "timestamp": "2026-04-27 21:06:59,557",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6053
          },
          {
            "timestamp": "2026-04-27 21:06:59,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6054
          },
          {
            "timestamp": "2026-04-27 21:06:59,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6055
          },
          {
            "timestamp": "2026-04-27 21:06:59,619",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6056
          },
          {
            "timestamp": "2026-04-27 21:06:59,682",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6057
          },
          {
            "timestamp": "2026-04-27 21:06:59,682",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6058
          },
          {
            "timestamp": "2026-04-27 21:06:59,682",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6059
          },
          {
            "timestamp": "2026-04-27 21:06:59,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6060
          },
          {
            "timestamp": "2026-04-27 21:06:59,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6061
          },
          {
            "timestamp": "2026-04-27 21:06:59,744",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6062
          },
          {
            "timestamp": "2026-04-27 21:06:59,807",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6063
          },
          {
            "timestamp": "2026-04-27 21:06:59,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6064
          },
          {
            "timestamp": "2026-04-27 21:06:59,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6065
          },
          {
            "timestamp": "2026-04-27 21:06:59,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6066
          },
          {
            "timestamp": "2026-04-27 21:06:59,807",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6067
          },
          {
            "timestamp": "2026-04-27 21:06:59,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6068
          },
          {
            "timestamp": "2026-04-27 21:06:59,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6069
          },
          {
            "timestamp": "2026-04-27 21:06:59,869",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6070
          },
          {
            "timestamp": "2026-04-27 21:06:59,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6071
          },
          {
            "timestamp": "2026-04-27 21:06:59,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6072
          },
          {
            "timestamp": "2026-04-27 21:06:59,947",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6073
          },
          {
            "timestamp": "2026-04-27 21:07:00,010",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6074
          },
          {
            "timestamp": "2026-04-27 21:07:00,010",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6075
          },
          {
            "timestamp": "2026-04-27 21:07:00,010",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6076
          },
          {
            "timestamp": "2026-04-27 21:07:00,010",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6077
          },
          {
            "timestamp": "2026-04-27 21:07:00,010",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6078
          },
          {
            "timestamp": "2026-04-27 21:07:00,072",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6079
          },
          {
            "timestamp": "2026-04-27 21:07:00,072",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6080
          },
          {
            "timestamp": "2026-04-27 21:07:00,072",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6081
          },
          {
            "timestamp": "2026-04-27 21:07:00,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6082
          },
          {
            "timestamp": "2026-04-27 21:07:00,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6083
          },
          {
            "timestamp": "2026-04-27 21:07:00,135",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6084
          },
          {
            "timestamp": "2026-04-27 21:07:00,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6085
          },
          {
            "timestamp": "2026-04-27 21:07:00,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6086
          },
          {
            "timestamp": "2026-04-27 21:07:00,197",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6087
          },
          {
            "timestamp": "2026-04-27 21:07:00,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6088
          },
          {
            "timestamp": "2026-04-27 21:07:00,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6089
          },
          {
            "timestamp": "2026-04-27 21:07:00,260",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6090
          },
          {
            "timestamp": "2026-04-27 21:07:00,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6091
          },
          {
            "timestamp": "2026-04-27 21:07:00,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6092
          },
          {
            "timestamp": "2026-04-27 21:07:00,338",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6093
          },
          {
            "timestamp": "2026-04-27 21:07:00,416",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6094
          },
          {
            "timestamp": "2026-04-27 21:07:00,416",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6095
          },
          {
            "timestamp": "2026-04-27 21:07:00,416",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 6096
          },
          {
            "timestamp": "2026-04-27 21:07:00,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6097
          },
          {
            "timestamp": "2026-04-27 21:07:00,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6098
          },
          {
            "timestamp": "2026-04-27 21:07:00,525",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6099
          },
          {
            "timestamp": "2026-04-27 21:07:00,525",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6100
          },
          {
            "timestamp": "2026-04-27 21:07:00,557",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6101
          },
          {
            "timestamp": "2026-04-27 21:07:00,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6102
          },
          {
            "timestamp": "2026-04-27 21:07:00,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6103
          },
          {
            "timestamp": "2026-04-27 21:07:00,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6104
          },
          {
            "timestamp": "2026-04-27 21:07:00,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6105
          },
          {
            "timestamp": "2026-04-27 21:07:00,619",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6106
          },
          {
            "timestamp": "2026-04-27 21:07:00,682",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6107
          },
          {
            "timestamp": "2026-04-27 21:07:00,682",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6108
          },
          {
            "timestamp": "2026-04-27 21:07:00,682",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6109
          },
          {
            "timestamp": "2026-04-27 21:07:00,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6110
          },
          {
            "timestamp": "2026-04-27 21:07:00,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6111
          },
          {
            "timestamp": "2026-04-27 21:07:00,744",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6112
          },
          {
            "timestamp": "2026-04-27 21:07:00,807",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6113
          },
          {
            "timestamp": "2026-04-27 21:07:00,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6114
          },
          {
            "timestamp": "2026-04-27 21:07:00,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6115
          },
          {
            "timestamp": "2026-04-27 21:07:00,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6116
          },
          {
            "timestamp": "2026-04-27 21:07:00,807",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6117
          },
          {
            "timestamp": "2026-04-27 21:07:00,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6118
          },
          {
            "timestamp": "2026-04-27 21:07:00,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6119
          },
          {
            "timestamp": "2026-04-27 21:07:00,885",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6120
          },
          {
            "timestamp": "2026-04-27 21:07:00,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6121
          },
          {
            "timestamp": "2026-04-27 21:07:00,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6122
          },
          {
            "timestamp": "2026-04-27 21:07:00,947",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6123
          },
          {
            "timestamp": "2026-04-27 21:07:01,010",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6124
          },
          {
            "timestamp": "2026-04-27 21:07:01,010",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6125
          },
          {
            "timestamp": "2026-04-27 21:07:01,010",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6126
          },
          {
            "timestamp": "2026-04-27 21:07:01,041",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6127
          },
          {
            "timestamp": "2026-04-27 21:07:01,041",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6128
          },
          {
            "timestamp": "2026-04-27 21:07:01,072",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6129
          },
          {
            "timestamp": "2026-04-27 21:07:01,072",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6130
          },
          {
            "timestamp": "2026-04-27 21:07:01,072",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6131
          },
          {
            "timestamp": "2026-04-27 21:07:01,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6132
          },
          {
            "timestamp": "2026-04-27 21:07:01,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6133
          },
          {
            "timestamp": "2026-04-27 21:07:01,135",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6134
          },
          {
            "timestamp": "2026-04-27 21:07:01,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6135
          },
          {
            "timestamp": "2026-04-27 21:07:01,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6136
          },
          {
            "timestamp": "2026-04-27 21:07:01,197",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6137
          },
          {
            "timestamp": "2026-04-27 21:07:01,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6138
          },
          {
            "timestamp": "2026-04-27 21:07:01,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6139
          },
          {
            "timestamp": "2026-04-27 21:07:01,260",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6140
          },
          {
            "timestamp": "2026-04-27 21:07:01,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6141
          },
          {
            "timestamp": "2026-04-27 21:07:01,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6142
          },
          {
            "timestamp": "2026-04-27 21:07:01,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6143
          },
          {
            "timestamp": "2026-04-27 21:07:01,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6144
          },
          {
            "timestamp": "2026-04-27 21:07:01,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6145
          },
          {
            "timestamp": "2026-04-27 21:07:01,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6146
          },
          {
            "timestamp": "2026-04-27 21:07:01,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6147
          },
          {
            "timestamp": "2026-04-27 21:07:01,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6148
          },
          {
            "timestamp": "2026-04-27 21:07:01,463",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6149
          },
          {
            "timestamp": "2026-04-27 21:07:01,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6150
          },
          {
            "timestamp": "2026-04-27 21:07:01,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6151
          },
          {
            "timestamp": "2026-04-27 21:07:01,525",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6152
          },
          {
            "timestamp": "2026-04-27 21:07:01,557",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6153
          },
          {
            "timestamp": "2026-04-27 21:07:01,557",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6154
          },
          {
            "timestamp": "2026-04-27 21:07:01,603",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6155
          },
          {
            "timestamp": "2026-04-27 21:07:01,603",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6156
          },
          {
            "timestamp": "2026-04-27 21:07:01,603",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6157
          },
          {
            "timestamp": "2026-04-27 21:07:01,666",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6158
          },
          {
            "timestamp": "2026-04-27 21:07:01,666",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6159
          },
          {
            "timestamp": "2026-04-27 21:07:01,666",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6160
          },
          {
            "timestamp": "2026-04-27 21:07:01,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6161
          },
          {
            "timestamp": "2026-04-27 21:07:01,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6162
          },
          {
            "timestamp": "2026-04-27 21:07:01,728",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6163
          },
          {
            "timestamp": "2026-04-27 21:07:01,791",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6164
          },
          {
            "timestamp": "2026-04-27 21:07:01,791",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6165
          },
          {
            "timestamp": "2026-04-27 21:07:01,791",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "16"
              }
            ],
            "repeated": 0,
            "id": 6166
          },
          {
            "timestamp": "2026-04-27 21:07:01,822",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6167
          },
          {
            "timestamp": "2026-04-27 21:07:01,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6168
          },
          {
            "timestamp": "2026-04-27 21:07:01,822",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "19"
              }
            ],
            "repeated": 0,
            "id": 6169
          },
          {
            "timestamp": "2026-04-27 21:07:01,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6170
          },
          {
            "timestamp": "2026-04-27 21:07:01,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6171
          },
          {
            "timestamp": "2026-04-27 21:07:01,853",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6172
          },
          {
            "timestamp": "2026-04-27 21:07:01,932",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6173
          },
          {
            "timestamp": "2026-04-27 21:07:01,932",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6174
          },
          {
            "timestamp": "2026-04-27 21:07:01,932",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6175
          },
          {
            "timestamp": "2026-04-27 21:07:01,994",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6176
          },
          {
            "timestamp": "2026-04-27 21:07:01,994",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6177
          },
          {
            "timestamp": "2026-04-27 21:07:01,994",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6178
          },
          {
            "timestamp": "2026-04-27 21:07:02,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6179
          },
          {
            "timestamp": "2026-04-27 21:07:02,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6180
          },
          {
            "timestamp": "2026-04-27 21:07:02,057",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6181
          },
          {
            "timestamp": "2026-04-27 21:07:02,088",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6182
          },
          {
            "timestamp": "2026-04-27 21:07:02,088",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6183
          },
          {
            "timestamp": "2026-04-27 21:07:02,119",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6184
          },
          {
            "timestamp": "2026-04-27 21:07:02,119",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6185
          },
          {
            "timestamp": "2026-04-27 21:07:02,119",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 6186
          },
          {
            "timestamp": "2026-04-27 21:07:02,182",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6187
          },
          {
            "timestamp": "2026-04-27 21:07:02,182",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6188
          },
          {
            "timestamp": "2026-04-27 21:07:02,197",
            "thread_id": "2068",
            "caller": "0x0864bfc4",
            "parentcaller": "0x0864beb7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0708d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6189
          },
          {
            "timestamp": "2026-04-27 21:07:02,197",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6190
          },
          {
            "timestamp": "2026-04-27 21:07:02,197",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6191
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "6988",
            "caller": "0x710a0830",
            "parentcaller": "0x71093611",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1652"
              }
            ],
            "repeated": 0,
            "id": 6192
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "7312",
            "caller": "0x077f18e0",
            "parentcaller": "0x0864c324",
            "category": "network",
            "api": "DnsQuery_A",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "nnzn.sa.com"
              },
              {
                "name": "Type",
                "value": "1"
              },
              {
                "name": "Options",
                "value": "0x00000048"
              }
            ],
            "repeated": 0,
            "id": 6193
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "7312",
            "caller": "0x077f1998",
            "parentcaller": "0x0864d998",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000678",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1656"
              }
            ],
            "repeated": 0,
            "id": 6194
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "7312",
            "caller": "0x077f0a53",
            "parentcaller": "0x0864c650",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1656"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6195
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "7312",
            "caller": "0x077f2a15",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1656"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6196
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "7312",
            "caller": "0x0864da34",
            "parentcaller": "0x0864c650",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000678"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xcc\\x04\\x00\\x00\\x9a\\xda\\xa9s"
              }
            ],
            "repeated": 0,
            "id": 6197
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "7312",
            "caller": "0x0292acfb",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1656"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "104.21.33.27"
              },
              {
                "name": "port",
                "value": "443"
              }
            ],
            "repeated": 0,
            "id": 6198
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 6199
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "2068",
            "caller": "0x737e55cd",
            "parentcaller": "0x7380b77c",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6200
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "6988",
            "caller": "0x7726269a",
            "parentcaller": "0x7108b4f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 6201
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6202
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6203
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "1796",
            "caller": "0x077f2bf3",
            "parentcaller": "0x00000000",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1656"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00007010"
              },
              {
                "name": "optval",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6204
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "1796",
            "caller": "0x0864e067",
            "parentcaller": "0x0864dfda",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6205
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0cc",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 6206
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0df",
            "category": "misc",
            "api": "GetUserNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Name",
                "value": "cape"
              }
            ],
            "repeated": 0,
            "id": 6207
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "72"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6208
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3"
              },
              {
                "name": "Length",
                "value": "16"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6209
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "1796",
            "caller": "0x077f2dec",
            "parentcaller": "0x0864ed7a",
            "category": "network",
            "api": "WSASend",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Socket",
                "value": "1656"
              },
              {
                "name": "Buffer",
                "value": "@\\x00\\x00\\x00m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c"
              }
            ],
            "repeated": 0,
            "id": 6210
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "1796",
            "caller": "0x077f2ee0",
            "parentcaller": "0x0864edcf",
            "category": "network",
            "api": "WSARecv",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1656"
              }
            ],
            "repeated": 0,
            "id": 6211
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "3892",
            "caller": "0x0290a7be",
            "parentcaller": "0x0864f1bd",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1656"
              }
            ],
            "repeated": 0,
            "id": 6212
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "3892",
            "caller": "0x0290bbbb",
            "parentcaller": "0x051ed61d",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00030190"
              },
              {
                "name": "Message",
                "value": "0x0000c1b0"
              }
            ],
            "repeated": 0,
            "id": 6213
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "3892",
            "caller": "0x0290b109",
            "parentcaller": "0x051ed61d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003c4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\x8d\\x00\\xf8\\x19\\x00\\x00,\\x1a\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6700"
              }
            ],
            "repeated": 0,
            "id": 6214
          },
          {
            "timestamp": "2026-04-27 21:07:02,228",
            "thread_id": "2068",
            "caller": "0x0864f6d8",
            "parentcaller": "0x0864f6ae",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 6215
          },
          {
            "timestamp": "2026-04-27 21:07:02,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6216
          },
          {
            "timestamp": "2026-04-27 21:07:02,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6217
          },
          {
            "timestamp": "2026-04-27 21:07:02,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6218
          },
          {
            "timestamp": "2026-04-27 21:07:02,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6219
          },
          {
            "timestamp": "2026-04-27 21:07:02,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6220
          },
          {
            "timestamp": "2026-04-27 21:07:02,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6221
          },
          {
            "timestamp": "2026-04-27 21:07:02,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6222
          },
          {
            "timestamp": "2026-04-27 21:07:02,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6223
          },
          {
            "timestamp": "2026-04-27 21:07:02,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6224
          },
          {
            "timestamp": "2026-04-27 21:07:02,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6225
          },
          {
            "timestamp": "2026-04-27 21:07:02,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6226
          },
          {
            "timestamp": "2026-04-27 21:07:02,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6227
          },
          {
            "timestamp": "2026-04-27 21:07:02,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6228
          },
          {
            "timestamp": "2026-04-27 21:07:02,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6229
          },
          {
            "timestamp": "2026-04-27 21:07:02,525",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6230
          },
          {
            "timestamp": "2026-04-27 21:07:02,541",
            "thread_id": "6580",
            "caller": "0x051e6c3e",
            "parentcaller": "0x051e6c67",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20000"
              }
            ],
            "repeated": 0,
            "id": 6231
          },
          {
            "timestamp": "2026-04-27 21:07:02,603",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6232
          },
          {
            "timestamp": "2026-04-27 21:07:02,603",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6233
          },
          {
            "timestamp": "2026-04-27 21:07:02,603",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6234
          },
          {
            "timestamp": "2026-04-27 21:07:02,682",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6235
          },
          {
            "timestamp": "2026-04-27 21:07:02,682",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6236
          },
          {
            "timestamp": "2026-04-27 21:07:02,682",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6237
          },
          {
            "timestamp": "2026-04-27 21:07:02,682",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6238
          },
          {
            "timestamp": "2026-04-27 21:07:02,682",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6239
          },
          {
            "timestamp": "2026-04-27 21:07:02,791",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "31"
              }
            ],
            "repeated": 0,
            "id": 6240
          },
          {
            "timestamp": "2026-04-27 21:07:02,791",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6241
          },
          {
            "timestamp": "2026-04-27 21:07:02,791",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6242
          },
          {
            "timestamp": "2026-04-27 21:07:02,822",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6243
          },
          {
            "timestamp": "2026-04-27 21:07:02,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6244
          },
          {
            "timestamp": "2026-04-27 21:07:02,822",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "19"
              }
            ],
            "repeated": 0,
            "id": 6245
          },
          {
            "timestamp": "2026-04-27 21:07:02,869",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6246
          },
          {
            "timestamp": "2026-04-27 21:07:02,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6247
          },
          {
            "timestamp": "2026-04-27 21:07:02,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6248
          },
          {
            "timestamp": "2026-04-27 21:07:02,916",
            "thread_id": "1368",
            "caller": "0x77eab5a6",
            "parentcaller": "0x77e760fc",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1368"
              }
            ],
            "repeated": 0,
            "id": 6249
          },
          {
            "timestamp": "2026-04-27 21:07:02,947",
            "thread_id": "1368",
            "caller": "0x7726f231",
            "parentcaller": "0x73742c18",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 6250
          },
          {
            "timestamp": "2026-04-27 21:07:02,947",
            "thread_id": "1368",
            "caller": "0x7726269a",
            "parentcaller": "0x7693c192",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a0"
              }
            ],
            "repeated": 0,
            "id": 6251
          },
          {
            "timestamp": "2026-04-27 21:07:02,947",
            "thread_id": "1368",
            "caller": "0x7726269a",
            "parentcaller": "0x7693c214",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000014c"
              }
            ],
            "repeated": 0,
            "id": 6252
          },
          {
            "timestamp": "2026-04-27 21:07:02,947",
            "thread_id": "1368",
            "caller": "0x77eab5c9",
            "parentcaller": "0x77e760fc",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6253
          },
          {
            "timestamp": "2026-04-27 21:07:02,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6254
          },
          {
            "timestamp": "2026-04-27 21:07:02,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6255
          },
          {
            "timestamp": "2026-04-27 21:07:02,963",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 6256
          },
          {
            "timestamp": "2026-04-27 21:07:03,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6257
          },
          {
            "timestamp": "2026-04-27 21:07:03,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6258
          },
          {
            "timestamp": "2026-04-27 21:07:03,119",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6259
          },
          {
            "timestamp": "2026-04-27 21:07:03,119",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6260
          },
          {
            "timestamp": "2026-04-27 21:07:03,119",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6261
          },
          {
            "timestamp": "2026-04-27 21:07:03,182",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6262
          },
          {
            "timestamp": "2026-04-27 21:07:03,182",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6263
          },
          {
            "timestamp": "2026-04-27 21:07:03,182",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6264
          },
          {
            "timestamp": "2026-04-27 21:07:03,197",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6265
          },
          {
            "timestamp": "2026-04-27 21:07:03,197",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6266
          },
          {
            "timestamp": "2026-04-27 21:07:03,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6267
          },
          {
            "timestamp": "2026-04-27 21:07:03,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6268
          },
          {
            "timestamp": "2026-04-27 21:07:03,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6269
          },
          {
            "timestamp": "2026-04-27 21:07:03,307",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6270
          },
          {
            "timestamp": "2026-04-27 21:07:03,307",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6271
          },
          {
            "timestamp": "2026-04-27 21:07:03,307",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6272
          },
          {
            "timestamp": "2026-04-27 21:07:03,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6273
          },
          {
            "timestamp": "2026-04-27 21:07:03,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6274
          },
          {
            "timestamp": "2026-04-27 21:07:03,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6275
          },
          {
            "timestamp": "2026-04-27 21:07:03,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6276
          },
          {
            "timestamp": "2026-04-27 21:07:03,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6277
          },
          {
            "timestamp": "2026-04-27 21:07:03,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6278
          },
          {
            "timestamp": "2026-04-27 21:07:03,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6279
          },
          {
            "timestamp": "2026-04-27 21:07:03,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6280
          },
          {
            "timestamp": "2026-04-27 21:07:03,510",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6281
          },
          {
            "timestamp": "2026-04-27 21:07:03,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6282
          },
          {
            "timestamp": "2026-04-27 21:07:03,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6283
          },
          {
            "timestamp": "2026-04-27 21:07:03,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6284
          },
          {
            "timestamp": "2026-04-27 21:07:03,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6285
          },
          {
            "timestamp": "2026-04-27 21:07:03,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6286
          },
          {
            "timestamp": "2026-04-27 21:07:03,650",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6287
          },
          {
            "timestamp": "2026-04-27 21:07:03,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6288
          },
          {
            "timestamp": "2026-04-27 21:07:03,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6289
          },
          {
            "timestamp": "2026-04-27 21:07:03,713",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6290
          },
          {
            "timestamp": "2026-04-27 21:07:03,713",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6291
          },
          {
            "timestamp": "2026-04-27 21:07:03,713",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6292
          },
          {
            "timestamp": "2026-04-27 21:07:03,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6293
          },
          {
            "timestamp": "2026-04-27 21:07:03,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6294
          },
          {
            "timestamp": "2026-04-27 21:07:03,775",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "47"
              }
            ],
            "repeated": 0,
            "id": 6295
          },
          {
            "timestamp": "2026-04-27 21:07:03,838",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6296
          },
          {
            "timestamp": "2026-04-27 21:07:03,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6297
          },
          {
            "timestamp": "2026-04-27 21:07:03,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6298
          },
          {
            "timestamp": "2026-04-27 21:07:03,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6299
          },
          {
            "timestamp": "2026-04-27 21:07:03,838",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6300
          },
          {
            "timestamp": "2026-04-27 21:07:03,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6301
          },
          {
            "timestamp": "2026-04-27 21:07:03,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6302
          },
          {
            "timestamp": "2026-04-27 21:07:03,900",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6303
          },
          {
            "timestamp": "2026-04-27 21:07:03,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6304
          },
          {
            "timestamp": "2026-04-27 21:07:03,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6305
          },
          {
            "timestamp": "2026-04-27 21:07:03,963",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6306
          },
          {
            "timestamp": "2026-04-27 21:07:04,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6307
          },
          {
            "timestamp": "2026-04-27 21:07:04,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6308
          },
          {
            "timestamp": "2026-04-27 21:07:04,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6309
          },
          {
            "timestamp": "2026-04-27 21:07:04,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6310
          },
          {
            "timestamp": "2026-04-27 21:07:04,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6311
          },
          {
            "timestamp": "2026-04-27 21:07:04,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6312
          },
          {
            "timestamp": "2026-04-27 21:07:04,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6313
          },
          {
            "timestamp": "2026-04-27 21:07:04,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6314
          },
          {
            "timestamp": "2026-04-27 21:07:04,244",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6315
          },
          {
            "timestamp": "2026-04-27 21:07:04,244",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6316
          },
          {
            "timestamp": "2026-04-27 21:07:04,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6317
          },
          {
            "timestamp": "2026-04-27 21:07:04,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6318
          },
          {
            "timestamp": "2026-04-27 21:07:04,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6319
          },
          {
            "timestamp": "2026-04-27 21:07:04,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6320
          },
          {
            "timestamp": "2026-04-27 21:07:04,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6321
          },
          {
            "timestamp": "2026-04-27 21:07:04,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6322
          },
          {
            "timestamp": "2026-04-27 21:07:04,447",
            "thread_id": "7312",
            "caller": "0x051eb1f3",
            "parentcaller": "0x051eb0c7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x057c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6323
          },
          {
            "timestamp": "2026-04-27 21:07:04,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6324
          },
          {
            "timestamp": "2026-04-27 21:07:04,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6325
          },
          {
            "timestamp": "2026-04-27 21:07:04,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6326
          },
          {
            "timestamp": "2026-04-27 21:07:04,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6327
          },
          {
            "timestamp": "2026-04-27 21:07:04,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6328
          },
          {
            "timestamp": "2026-04-27 21:07:04,510",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6329
          },
          {
            "timestamp": "2026-04-27 21:07:04,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6330
          },
          {
            "timestamp": "2026-04-27 21:07:04,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6331
          },
          {
            "timestamp": "2026-04-27 21:07:04,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6332
          },
          {
            "timestamp": "2026-04-27 21:07:04,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6333
          },
          {
            "timestamp": "2026-04-27 21:07:04,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6334
          },
          {
            "timestamp": "2026-04-27 21:07:04,635",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6335
          },
          {
            "timestamp": "2026-04-27 21:07:04,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6336
          },
          {
            "timestamp": "2026-04-27 21:07:04,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6337
          },
          {
            "timestamp": "2026-04-27 21:07:04,697",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6338
          },
          {
            "timestamp": "2026-04-27 21:07:04,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6339
          },
          {
            "timestamp": "2026-04-27 21:07:04,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6340
          },
          {
            "timestamp": "2026-04-27 21:07:04,775",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6341
          },
          {
            "timestamp": "2026-04-27 21:07:04,775",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6342
          },
          {
            "timestamp": "2026-04-27 21:07:04,775",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6343
          },
          {
            "timestamp": "2026-04-27 21:07:04,838",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6344
          },
          {
            "timestamp": "2026-04-27 21:07:04,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6345
          },
          {
            "timestamp": "2026-04-27 21:07:04,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6346
          },
          {
            "timestamp": "2026-04-27 21:07:04,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6347
          },
          {
            "timestamp": "2026-04-27 21:07:04,838",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6348
          },
          {
            "timestamp": "2026-04-27 21:07:04,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6349
          },
          {
            "timestamp": "2026-04-27 21:07:04,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6350
          },
          {
            "timestamp": "2026-04-27 21:07:04,900",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6351
          },
          {
            "timestamp": "2026-04-27 21:07:04,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6352
          },
          {
            "timestamp": "2026-04-27 21:07:04,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6353
          },
          {
            "timestamp": "2026-04-27 21:07:04,978",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6354
          },
          {
            "timestamp": "2026-04-27 21:07:05,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6355
          },
          {
            "timestamp": "2026-04-27 21:07:05,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6356
          },
          {
            "timestamp": "2026-04-27 21:07:05,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6357
          },
          {
            "timestamp": "2026-04-27 21:07:05,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6358
          },
          {
            "timestamp": "2026-04-27 21:07:05,103",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6359
          },
          {
            "timestamp": "2026-04-27 21:07:05,103",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6360
          },
          {
            "timestamp": "2026-04-27 21:07:05,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6361
          },
          {
            "timestamp": "2026-04-27 21:07:05,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6362
          },
          {
            "timestamp": "2026-04-27 21:07:05,166",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6363
          },
          {
            "timestamp": "2026-04-27 21:07:05,228",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6364
          },
          {
            "timestamp": "2026-04-27 21:07:05,228",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6365
          },
          {
            "timestamp": "2026-04-27 21:07:05,228",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6366
          },
          {
            "timestamp": "2026-04-27 21:07:05,307",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6367
          },
          {
            "timestamp": "2026-04-27 21:07:05,307",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6368
          },
          {
            "timestamp": "2026-04-27 21:07:05,307",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6369
          },
          {
            "timestamp": "2026-04-27 21:07:05,307",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6370
          },
          {
            "timestamp": "2026-04-27 21:07:05,307",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6371
          },
          {
            "timestamp": "2026-04-27 21:07:05,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6372
          },
          {
            "timestamp": "2026-04-27 21:07:05,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6373
          },
          {
            "timestamp": "2026-04-27 21:07:05,369",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6374
          },
          {
            "timestamp": "2026-04-27 21:07:05,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6375
          },
          {
            "timestamp": "2026-04-27 21:07:05,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6376
          },
          {
            "timestamp": "2026-04-27 21:07:05,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6377
          },
          {
            "timestamp": "2026-04-27 21:07:05,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6378
          },
          {
            "timestamp": "2026-04-27 21:07:05,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6379
          },
          {
            "timestamp": "2026-04-27 21:07:05,510",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6380
          },
          {
            "timestamp": "2026-04-27 21:07:05,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6381
          },
          {
            "timestamp": "2026-04-27 21:07:05,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6382
          },
          {
            "timestamp": "2026-04-27 21:07:05,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6383
          },
          {
            "timestamp": "2026-04-27 21:07:05,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6384
          },
          {
            "timestamp": "2026-04-27 21:07:05,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6385
          },
          {
            "timestamp": "2026-04-27 21:07:05,635",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6386
          },
          {
            "timestamp": "2026-04-27 21:07:05,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6387
          },
          {
            "timestamp": "2026-04-27 21:07:05,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6388
          },
          {
            "timestamp": "2026-04-27 21:07:05,697",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6389
          },
          {
            "timestamp": "2026-04-27 21:07:05,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6390
          },
          {
            "timestamp": "2026-04-27 21:07:05,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6391
          },
          {
            "timestamp": "2026-04-27 21:07:05,775",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6392
          },
          {
            "timestamp": "2026-04-27 21:07:05,822",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6393
          },
          {
            "timestamp": "2026-04-27 21:07:05,822",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6394
          },
          {
            "timestamp": "2026-04-27 21:07:05,838",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6395
          },
          {
            "timestamp": "2026-04-27 21:07:05,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6396
          },
          {
            "timestamp": "2026-04-27 21:07:05,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6397
          },
          {
            "timestamp": "2026-04-27 21:07:05,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6398
          },
          {
            "timestamp": "2026-04-27 21:07:05,838",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6399
          },
          {
            "timestamp": "2026-04-27 21:07:05,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6400
          },
          {
            "timestamp": "2026-04-27 21:07:05,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6401
          },
          {
            "timestamp": "2026-04-27 21:07:05,900",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6402
          },
          {
            "timestamp": "2026-04-27 21:07:05,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6403
          },
          {
            "timestamp": "2026-04-27 21:07:05,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6404
          },
          {
            "timestamp": "2026-04-27 21:07:05,963",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6405
          },
          {
            "timestamp": "2026-04-27 21:07:06,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6406
          },
          {
            "timestamp": "2026-04-27 21:07:06,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6407
          },
          {
            "timestamp": "2026-04-27 21:07:06,025",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6408
          },
          {
            "timestamp": "2026-04-27 21:07:06,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6409
          },
          {
            "timestamp": "2026-04-27 21:07:06,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6410
          },
          {
            "timestamp": "2026-04-27 21:07:06,088",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6411
          },
          {
            "timestamp": "2026-04-27 21:07:06,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6412
          },
          {
            "timestamp": "2026-04-27 21:07:06,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6413
          },
          {
            "timestamp": "2026-04-27 21:07:06,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6414
          },
          {
            "timestamp": "2026-04-27 21:07:06,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6415
          },
          {
            "timestamp": "2026-04-27 21:07:06,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6416
          },
          {
            "timestamp": "2026-04-27 21:07:06,213",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6417
          },
          {
            "timestamp": "2026-04-27 21:07:06,244",
            "thread_id": "2068",
            "caller": "0x0864bfc4",
            "parentcaller": "0x0864beb7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x070ad000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6418
          },
          {
            "timestamp": "2026-04-27 21:07:06,244",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6419
          },
          {
            "timestamp": "2026-04-27 21:07:06,244",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6420
          },
          {
            "timestamp": "2026-04-27 21:07:06,291",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6421
          },
          {
            "timestamp": "2026-04-27 21:07:06,291",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6422
          },
          {
            "timestamp": "2026-04-27 21:07:06,291",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6423
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6424
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6425
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "6988",
            "caller": "0x710a0830",
            "parentcaller": "0x71093611",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1316"
              }
            ],
            "repeated": 0,
            "id": 6426
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "7312",
            "caller": "0x077f18e0",
            "parentcaller": "0x0864c324",
            "category": "network",
            "api": "DnsQuery_A",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "nnzn.sa.com"
              },
              {
                "name": "Type",
                "value": "1"
              },
              {
                "name": "Options",
                "value": "0x00000048"
              }
            ],
            "repeated": 0,
            "id": 6427
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "7312",
            "caller": "0x077f1998",
            "parentcaller": "0x0864d998",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000524",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1316"
              }
            ],
            "repeated": 0,
            "id": 6428
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "7312",
            "caller": "0x077f0a53",
            "parentcaller": "0x0864c650",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1316"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6429
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "7312",
            "caller": "0x077f2a15",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1316"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6430
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "7312",
            "caller": "0x0864da34",
            "parentcaller": "0x0864c650",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000524"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xcc\\x04\\x00\\x00\\x9a\\xda\\xa9s"
              }
            ],
            "repeated": 0,
            "id": 6431
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "7312",
            "caller": "0x0292acfb",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1316"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "104.21.33.27"
              },
              {
                "name": "port",
                "value": "443"
              }
            ],
            "repeated": 0,
            "id": 6432
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 6433
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "2068",
            "caller": "0x737e55cd",
            "parentcaller": "0x7380b77c",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6434
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "6988",
            "caller": "0x7726269a",
            "parentcaller": "0x7108b4f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 6435
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6436
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6437
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "3892",
            "caller": "0x077f2bf3",
            "parentcaller": "0x00000000",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1316"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00007010"
              },
              {
                "name": "optval",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6438
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "3892",
            "caller": "0x0864e067",
            "parentcaller": "0x0864dfda",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6439
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "3892",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0cc",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 6440
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "3892",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0df",
            "category": "misc",
            "api": "GetUserNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Name",
                "value": "cape"
              }
            ],
            "repeated": 0,
            "id": 6441
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "3892",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "72"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6442
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "3892",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3"
              },
              {
                "name": "Length",
                "value": "16"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6443
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "3892",
            "caller": "0x077f2dec",
            "parentcaller": "0x0864ed7a",
            "category": "network",
            "api": "WSASend",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Socket",
                "value": "1316"
              },
              {
                "name": "Buffer",
                "value": "@\\x00\\x00\\x00m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c"
              }
            ],
            "repeated": 0,
            "id": 6444
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "3892",
            "caller": "0x077f2ee0",
            "parentcaller": "0x0864edcf",
            "category": "network",
            "api": "WSARecv",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1316"
              }
            ],
            "repeated": 0,
            "id": 6445
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "1796",
            "caller": "0x0290a7be",
            "parentcaller": "0x0864f1bd",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1316"
              }
            ],
            "repeated": 0,
            "id": 6446
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "1796",
            "caller": "0x0290bbbb",
            "parentcaller": "0x051ed61d",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00030190"
              },
              {
                "name": "Message",
                "value": "0x0000c1b0"
              }
            ],
            "repeated": 0,
            "id": 6447
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "1796",
            "caller": "0x0290b109",
            "parentcaller": "0x051ed61d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003c4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\x8d\\x00\\xf8\\x19\\x00\\x00,\\x1a\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6700"
              }
            ],
            "repeated": 0,
            "id": 6448
          },
          {
            "timestamp": "2026-04-27 21:07:06,338",
            "thread_id": "2068",
            "caller": "0x0864f6d8",
            "parentcaller": "0x0864f6ae",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 6449
          },
          {
            "timestamp": "2026-04-27 21:07:06,353",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6450
          },
          {
            "timestamp": "2026-04-27 21:07:06,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6451
          },
          {
            "timestamp": "2026-04-27 21:07:06,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6452
          },
          {
            "timestamp": "2026-04-27 21:07:06,416",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6453
          },
          {
            "timestamp": "2026-04-27 21:07:06,416",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6454
          },
          {
            "timestamp": "2026-04-27 21:07:06,416",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6455
          },
          {
            "timestamp": "2026-04-27 21:07:06,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6456
          },
          {
            "timestamp": "2026-04-27 21:07:06,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6457
          },
          {
            "timestamp": "2026-04-27 21:07:06,494",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6458
          },
          {
            "timestamp": "2026-04-27 21:07:06,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6459
          },
          {
            "timestamp": "2026-04-27 21:07:06,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6460
          },
          {
            "timestamp": "2026-04-27 21:07:06,619",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6461
          },
          {
            "timestamp": "2026-04-27 21:07:06,682",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6462
          },
          {
            "timestamp": "2026-04-27 21:07:06,682",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6463
          },
          {
            "timestamp": "2026-04-27 21:07:06,682",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6464
          },
          {
            "timestamp": "2026-04-27 21:07:06,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6465
          },
          {
            "timestamp": "2026-04-27 21:07:06,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6466
          },
          {
            "timestamp": "2026-04-27 21:07:06,744",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6467
          },
          {
            "timestamp": "2026-04-27 21:07:06,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6468
          },
          {
            "timestamp": "2026-04-27 21:07:06,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6469
          },
          {
            "timestamp": "2026-04-27 21:07:06,807",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "31"
              }
            ],
            "repeated": 0,
            "id": 6470
          },
          {
            "timestamp": "2026-04-27 21:07:06,853",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6471
          },
          {
            "timestamp": "2026-04-27 21:07:06,853",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6472
          },
          {
            "timestamp": "2026-04-27 21:07:06,853",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6473
          },
          {
            "timestamp": "2026-04-27 21:07:06,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6474
          },
          {
            "timestamp": "2026-04-27 21:07:06,853",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 6475
          },
          {
            "timestamp": "2026-04-27 21:07:06,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6476
          },
          {
            "timestamp": "2026-04-27 21:07:06,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6477
          },
          {
            "timestamp": "2026-04-27 21:07:06,869",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6478
          },
          {
            "timestamp": "2026-04-27 21:07:06,932",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6479
          },
          {
            "timestamp": "2026-04-27 21:07:06,932",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6480
          },
          {
            "timestamp": "2026-04-27 21:07:06,932",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6481
          },
          {
            "timestamp": "2026-04-27 21:07:06,994",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6482
          },
          {
            "timestamp": "2026-04-27 21:07:06,994",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6483
          },
          {
            "timestamp": "2026-04-27 21:07:06,994",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6484
          },
          {
            "timestamp": "2026-04-27 21:07:07,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6485
          },
          {
            "timestamp": "2026-04-27 21:07:07,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6486
          },
          {
            "timestamp": "2026-04-27 21:07:07,057",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6487
          },
          {
            "timestamp": "2026-04-27 21:07:07,119",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6488
          },
          {
            "timestamp": "2026-04-27 21:07:07,119",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6489
          },
          {
            "timestamp": "2026-04-27 21:07:07,119",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6490
          },
          {
            "timestamp": "2026-04-27 21:07:07,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6491
          },
          {
            "timestamp": "2026-04-27 21:07:07,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6492
          },
          {
            "timestamp": "2026-04-27 21:07:07,197",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6493
          },
          {
            "timestamp": "2026-04-27 21:07:07,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6494
          },
          {
            "timestamp": "2026-04-27 21:07:07,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6495
          },
          {
            "timestamp": "2026-04-27 21:07:07,275",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 6496
          },
          {
            "timestamp": "2026-04-27 21:07:07,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6497
          },
          {
            "timestamp": "2026-04-27 21:07:07,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6498
          },
          {
            "timestamp": "2026-04-27 21:07:07,369",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6499
          },
          {
            "timestamp": "2026-04-27 21:07:07,369",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6500
          },
          {
            "timestamp": "2026-04-27 21:07:07,432",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6501
          },
          {
            "timestamp": "2026-04-27 21:07:07,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6502
          },
          {
            "timestamp": "2026-04-27 21:07:07,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6503
          },
          {
            "timestamp": "2026-04-27 21:07:07,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6504
          },
          {
            "timestamp": "2026-04-27 21:07:07,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6505
          },
          {
            "timestamp": "2026-04-27 21:07:07,494",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6506
          },
          {
            "timestamp": "2026-04-27 21:07:07,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6507
          },
          {
            "timestamp": "2026-04-27 21:07:07,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6508
          },
          {
            "timestamp": "2026-04-27 21:07:07,588",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6509
          },
          {
            "timestamp": "2026-04-27 21:07:07,666",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6510
          },
          {
            "timestamp": "2026-04-27 21:07:07,666",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6511
          },
          {
            "timestamp": "2026-04-27 21:07:07,666",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6512
          },
          {
            "timestamp": "2026-04-27 21:07:07,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6513
          },
          {
            "timestamp": "2026-04-27 21:07:07,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6514
          },
          {
            "timestamp": "2026-04-27 21:07:07,728",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6515
          },
          {
            "timestamp": "2026-04-27 21:07:07,822",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "31"
              }
            ],
            "repeated": 0,
            "id": 6516
          },
          {
            "timestamp": "2026-04-27 21:07:07,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6517
          },
          {
            "timestamp": "2026-04-27 21:07:07,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6518
          },
          {
            "timestamp": "2026-04-27 21:07:07,885",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6519
          },
          {
            "timestamp": "2026-04-27 21:07:07,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6520
          },
          {
            "timestamp": "2026-04-27 21:07:07,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6521
          },
          {
            "timestamp": "2026-04-27 21:07:07,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6522
          },
          {
            "timestamp": "2026-04-27 21:07:07,885",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6523
          },
          {
            "timestamp": "2026-04-27 21:07:07,885",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6524
          },
          {
            "timestamp": "2026-04-27 21:07:07,885",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6525
          },
          {
            "timestamp": "2026-04-27 21:07:07,978",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6526
          },
          {
            "timestamp": "2026-04-27 21:07:07,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6527
          },
          {
            "timestamp": "2026-04-27 21:07:07,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6528
          },
          {
            "timestamp": "2026-04-27 21:07:08,072",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6529
          },
          {
            "timestamp": "2026-04-27 21:07:08,072",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6530
          },
          {
            "timestamp": "2026-04-27 21:07:08,072",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6531
          },
          {
            "timestamp": "2026-04-27 21:07:08,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6532
          },
          {
            "timestamp": "2026-04-27 21:07:08,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6533
          },
          {
            "timestamp": "2026-04-27 21:07:08,166",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6534
          },
          {
            "timestamp": "2026-04-27 21:07:08,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6535
          },
          {
            "timestamp": "2026-04-27 21:07:08,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6536
          },
          {
            "timestamp": "2026-04-27 21:07:08,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6537
          },
          {
            "timestamp": "2026-04-27 21:07:08,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6538
          },
          {
            "timestamp": "2026-04-27 21:07:08,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6539
          },
          {
            "timestamp": "2026-04-27 21:07:08,338",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 6540
          },
          {
            "timestamp": "2026-04-27 21:07:08,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6541
          },
          {
            "timestamp": "2026-04-27 21:07:08,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6542
          },
          {
            "timestamp": "2026-04-27 21:07:08,447",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6543
          },
          {
            "timestamp": "2026-04-27 21:07:08,447",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6544
          },
          {
            "timestamp": "2026-04-27 21:07:08,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6545
          },
          {
            "timestamp": "2026-04-27 21:07:08,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6546
          },
          {
            "timestamp": "2026-04-27 21:07:08,494",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6547
          },
          {
            "timestamp": "2026-04-27 21:07:08,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6548
          },
          {
            "timestamp": "2026-04-27 21:07:08,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6549
          },
          {
            "timestamp": "2026-04-27 21:07:08,557",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6550
          },
          {
            "timestamp": "2026-04-27 21:07:08,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6551
          },
          {
            "timestamp": "2026-04-27 21:07:08,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6552
          },
          {
            "timestamp": "2026-04-27 21:07:08,619",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 6553
          },
          {
            "timestamp": "2026-04-27 21:07:08,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6554
          },
          {
            "timestamp": "2026-04-27 21:07:08,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6555
          },
          {
            "timestamp": "2026-04-27 21:07:08,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6556
          },
          {
            "timestamp": "2026-04-27 21:07:08,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6557
          },
          {
            "timestamp": "2026-04-27 21:07:08,760",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6558
          },
          {
            "timestamp": "2026-04-27 21:07:08,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6559
          },
          {
            "timestamp": "2026-04-27 21:07:08,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6560
          },
          {
            "timestamp": "2026-04-27 21:07:08,822",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6561
          },
          {
            "timestamp": "2026-04-27 21:07:08,885",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6562
          },
          {
            "timestamp": "2026-04-27 21:07:08,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6563
          },
          {
            "timestamp": "2026-04-27 21:07:08,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6564
          },
          {
            "timestamp": "2026-04-27 21:07:08,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6565
          },
          {
            "timestamp": "2026-04-27 21:07:08,885",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6566
          },
          {
            "timestamp": "2026-04-27 21:07:08,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6567
          },
          {
            "timestamp": "2026-04-27 21:07:08,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6568
          },
          {
            "timestamp": "2026-04-27 21:07:08,947",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6569
          },
          {
            "timestamp": "2026-04-27 21:07:08,963",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6570
          },
          {
            "timestamp": "2026-04-27 21:07:08,963",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6571
          },
          {
            "timestamp": "2026-04-27 21:07:09,010",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6572
          },
          {
            "timestamp": "2026-04-27 21:07:09,010",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6573
          },
          {
            "timestamp": "2026-04-27 21:07:09,010",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6574
          },
          {
            "timestamp": "2026-04-27 21:07:09,072",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6575
          },
          {
            "timestamp": "2026-04-27 21:07:09,072",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6576
          },
          {
            "timestamp": "2026-04-27 21:07:09,072",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6577
          },
          {
            "timestamp": "2026-04-27 21:07:09,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6578
          },
          {
            "timestamp": "2026-04-27 21:07:09,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6579
          },
          {
            "timestamp": "2026-04-27 21:07:09,135",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6580
          },
          {
            "timestamp": "2026-04-27 21:07:09,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6581
          },
          {
            "timestamp": "2026-04-27 21:07:09,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6582
          },
          {
            "timestamp": "2026-04-27 21:07:09,197",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6583
          },
          {
            "timestamp": "2026-04-27 21:07:09,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6584
          },
          {
            "timestamp": "2026-04-27 21:07:09,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6585
          },
          {
            "timestamp": "2026-04-27 21:07:09,260",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6586
          },
          {
            "timestamp": "2026-04-27 21:07:09,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6587
          },
          {
            "timestamp": "2026-04-27 21:07:09,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6588
          },
          {
            "timestamp": "2026-04-27 21:07:09,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6589
          },
          {
            "timestamp": "2026-04-27 21:07:09,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6590
          },
          {
            "timestamp": "2026-04-27 21:07:09,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6591
          },
          {
            "timestamp": "2026-04-27 21:07:09,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6592
          },
          {
            "timestamp": "2026-04-27 21:07:09,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6593
          },
          {
            "timestamp": "2026-04-27 21:07:09,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6594
          },
          {
            "timestamp": "2026-04-27 21:07:09,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6595
          },
          {
            "timestamp": "2026-04-27 21:07:09,478",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6596
          },
          {
            "timestamp": "2026-04-27 21:07:09,478",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6597
          },
          {
            "timestamp": "2026-04-27 21:07:09,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6598
          },
          {
            "timestamp": "2026-04-27 21:07:09,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6599
          },
          {
            "timestamp": "2026-04-27 21:07:09,510",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6600
          },
          {
            "timestamp": "2026-04-27 21:07:09,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6601
          },
          {
            "timestamp": "2026-04-27 21:07:09,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6602
          },
          {
            "timestamp": "2026-04-27 21:07:09,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6603
          },
          {
            "timestamp": "2026-04-27 21:07:09,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6604
          },
          {
            "timestamp": "2026-04-27 21:07:09,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6605
          },
          {
            "timestamp": "2026-04-27 21:07:09,635",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 6606
          },
          {
            "timestamp": "2026-04-27 21:07:09,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6607
          },
          {
            "timestamp": "2026-04-27 21:07:09,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6608
          },
          {
            "timestamp": "2026-04-27 21:07:09,760",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6609
          },
          {
            "timestamp": "2026-04-27 21:07:09,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6610
          },
          {
            "timestamp": "2026-04-27 21:07:09,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6611
          },
          {
            "timestamp": "2026-04-27 21:07:09,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6612
          },
          {
            "timestamp": "2026-04-27 21:07:09,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6613
          },
          {
            "timestamp": "2026-04-27 21:07:09,822",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6614
          },
          {
            "timestamp": "2026-04-27 21:07:09,900",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6615
          },
          {
            "timestamp": "2026-04-27 21:07:09,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6616
          },
          {
            "timestamp": "2026-04-27 21:07:09,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6617
          },
          {
            "timestamp": "2026-04-27 21:07:09,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6618
          },
          {
            "timestamp": "2026-04-27 21:07:09,900",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6619
          },
          {
            "timestamp": "2026-04-27 21:07:09,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6620
          },
          {
            "timestamp": "2026-04-27 21:07:09,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6621
          },
          {
            "timestamp": "2026-04-27 21:07:09,963",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6622
          },
          {
            "timestamp": "2026-04-27 21:07:09,994",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6623
          },
          {
            "timestamp": "2026-04-27 21:07:09,994",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6624
          },
          {
            "timestamp": "2026-04-27 21:07:10,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6625
          },
          {
            "timestamp": "2026-04-27 21:07:10,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6626
          },
          {
            "timestamp": "2026-04-27 21:07:10,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6627
          },
          {
            "timestamp": "2026-04-27 21:07:10,119",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6628
          },
          {
            "timestamp": "2026-04-27 21:07:10,119",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6629
          },
          {
            "timestamp": "2026-04-27 21:07:10,119",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6630
          },
          {
            "timestamp": "2026-04-27 21:07:10,182",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6631
          },
          {
            "timestamp": "2026-04-27 21:07:10,182",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6632
          },
          {
            "timestamp": "2026-04-27 21:07:10,182",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6633
          },
          {
            "timestamp": "2026-04-27 21:07:10,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6634
          },
          {
            "timestamp": "2026-04-27 21:07:10,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6635
          },
          {
            "timestamp": "2026-04-27 21:07:10,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 6636
          },
          {
            "timestamp": "2026-04-27 21:07:10,307",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6637
          },
          {
            "timestamp": "2026-04-27 21:07:10,307",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6638
          },
          {
            "timestamp": "2026-04-27 21:07:10,353",
            "thread_id": "2068",
            "caller": "0x0864bfc4",
            "parentcaller": "0x0864beb7",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000005e8"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xc0\\x90\\x00\\xf8\\x19\\x00\\x00\\x14\\x08\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2068"
              }
            ],
            "repeated": 0,
            "id": 6639
          },
          {
            "timestamp": "2026-04-27 21:07:10,353",
            "thread_id": "2068",
            "caller": "0x0864bfc4",
            "parentcaller": "0x0864beb7",
            "category": "misc",
            "api": "GlobalMemoryStatusEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MemoryLoad",
                "value": "24"
              },
              {
                "name": "TotalPhysicalMB",
                "value": "8191"
              }
            ],
            "repeated": 0,
            "id": 6640
          },
          {
            "timestamp": "2026-04-27 21:07:10,353",
            "thread_id": "4036",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 6641
          },
          {
            "timestamp": "2026-04-27 21:07:10,353",
            "thread_id": "2068",
            "caller": "0x0864bfc4",
            "parentcaller": "0x0864beb7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06568000"
              },
              {
                "name": "RegionSize",
                "value": "0x00041000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6642
          },
          {
            "timestamp": "2026-04-27 21:07:10,353",
            "thread_id": "2068",
            "caller": "0x0864bfc4",
            "parentcaller": "0x0864beb7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x065e1000"
              },
              {
                "name": "RegionSize",
                "value": "0x0085e000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6643
          },
          {
            "timestamp": "2026-04-27 21:07:10,353",
            "thread_id": "2068",
            "caller": "0x0864bfc4",
            "parentcaller": "0x0864beb7",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x0026d000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6644
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "2068",
            "caller": "0x0864bfc4",
            "parentcaller": "0x0864beb7",
            "category": "misc",
            "api": "GlobalMemoryStatusEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MemoryLoad",
                "value": "24"
              },
              {
                "name": "TotalPhysicalMB",
                "value": "8191"
              }
            ],
            "repeated": 0,
            "id": 6645
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x737e55cd",
            "parentcaller": "0x73941718",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6646
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 6647
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000648"
              }
            ],
            "repeated": 0,
            "id": 6648
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 6649
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000524"
              }
            ],
            "repeated": 0,
            "id": 6650
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 6651
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000060c"
              }
            ],
            "repeated": 0,
            "id": 6652
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000658"
              }
            ],
            "repeated": 0,
            "id": 6653
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000668"
              }
            ],
            "repeated": 0,
            "id": 6654
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 6655
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000630"
              }
            ],
            "repeated": 0,
            "id": 6656
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 6657
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 6658
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 6659
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000638"
              }
            ],
            "repeated": 0,
            "id": 6660
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000650"
              }
            ],
            "repeated": 0,
            "id": 6661
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 6662
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000052c"
              }
            ],
            "repeated": 0,
            "id": 6663
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x772765db",
            "parentcaller": "0x73947ec0",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x0000035c"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xe0\\x8e\\x00\\xf8\\x19\\x00\\x00\\xc4\\x0f\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4036"
              }
            ],
            "repeated": 0,
            "id": 6664
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 6665
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000574"
              }
            ],
            "repeated": 0,
            "id": 6666
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056c"
              }
            ],
            "repeated": 0,
            "id": 6667
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 6668
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000564"
              }
            ],
            "repeated": 0,
            "id": 6669
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 6670
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              }
            ],
            "repeated": 0,
            "id": 6671
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x077f0266",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              }
            ],
            "repeated": 0,
            "id": 6672
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6673
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              },
              {
                "name": "Milliseconds",
                "value": "2000"
              }
            ],
            "repeated": 0,
            "id": 6674
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6675
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "4036",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002e4"
              },
              {
                "name": "Milliseconds",
                "value": "2000"
              }
            ],
            "repeated": 0,
            "id": 6676
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6677
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6678
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6679
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6680
          },
          {
            "timestamp": "2026-04-27 21:07:10,369",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6681
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6682
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6683
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6684
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "6988",
            "caller": "0x710a0830",
            "parentcaller": "0x71093611",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1184"
              }
            ],
            "repeated": 0,
            "id": 6685
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "7312",
            "caller": "0x077f18e0",
            "parentcaller": "0x0864c324",
            "category": "network",
            "api": "DnsQuery_A",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "nnzn.sa.com"
              },
              {
                "name": "Type",
                "value": "1"
              },
              {
                "name": "Options",
                "value": "0x00000048"
              }
            ],
            "repeated": 0,
            "id": 6686
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "7312",
            "caller": "0x077f1998",
            "parentcaller": "0x0864d998",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x000004a0",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1184"
              }
            ],
            "repeated": 0,
            "id": 6687
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "7312",
            "caller": "0x077f0a53",
            "parentcaller": "0x0864c650",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1184"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6688
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "7312",
            "caller": "0x077f2a15",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1184"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6689
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "7312",
            "caller": "0x0864da34",
            "parentcaller": "0x0864c650",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004a0"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xcc\\x04\\x00\\x00\\x9a\\xda\\xa9s"
              }
            ],
            "repeated": 0,
            "id": 6690
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "7312",
            "caller": "0x0292acfb",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1184"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "104.21.33.27"
              },
              {
                "name": "port",
                "value": "443"
              }
            ],
            "repeated": 0,
            "id": 6691
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 6692
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "2068",
            "caller": "0x737e55cd",
            "parentcaller": "0x7380b77c",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6693
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "6988",
            "caller": "0x7726269a",
            "parentcaller": "0x7108b4f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000014c"
              }
            ],
            "repeated": 0,
            "id": 6694
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "1796",
            "caller": "0x077f2bf3",
            "parentcaller": "0x00000000",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1184"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00007010"
              },
              {
                "name": "optval",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6695
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6696
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6697
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "1796",
            "caller": "0x0864e067",
            "parentcaller": "0x0864dfda",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6698
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0cc",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 6699
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0df",
            "category": "misc",
            "api": "GetUserNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Name",
                "value": "cape"
              }
            ],
            "repeated": 0,
            "id": 6700
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "72"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6701
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3"
              },
              {
                "name": "Length",
                "value": "16"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6702
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "1796",
            "caller": "0x077f2dec",
            "parentcaller": "0x0864ed7a",
            "category": "network",
            "api": "WSASend",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Socket",
                "value": "1184"
              },
              {
                "name": "Buffer",
                "value": "@\\x00\\x00\\x00m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c"
              }
            ],
            "repeated": 0,
            "id": 6703
          },
          {
            "timestamp": "2026-04-27 21:07:10,432",
            "thread_id": "1796",
            "caller": "0x077f2ee0",
            "parentcaller": "0x0864edcf",
            "category": "network",
            "api": "WSARecv",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1184"
              }
            ],
            "repeated": 0,
            "id": 6704
          },
          {
            "timestamp": "2026-04-27 21:07:10,447",
            "thread_id": "3892",
            "caller": "0x0290a7be",
            "parentcaller": "0x0864f1bd",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1184"
              }
            ],
            "repeated": 0,
            "id": 6705
          },
          {
            "timestamp": "2026-04-27 21:07:10,447",
            "thread_id": "3892",
            "caller": "0x0290bbbb",
            "parentcaller": "0x051ed61d",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00030190"
              },
              {
                "name": "Message",
                "value": "0x0000c1b0"
              }
            ],
            "repeated": 0,
            "id": 6706
          },
          {
            "timestamp": "2026-04-27 21:07:10,447",
            "thread_id": "3892",
            "caller": "0x0290b109",
            "parentcaller": "0x051ed61d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003c4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\x8d\\x00\\xf8\\x19\\x00\\x00,\\x1a\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6700"
              }
            ],
            "repeated": 0,
            "id": 6707
          },
          {
            "timestamp": "2026-04-27 21:07:10,447",
            "thread_id": "2068",
            "caller": "0x0864f6d8",
            "parentcaller": "0x0864f6ae",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 6708
          },
          {
            "timestamp": "2026-04-27 21:07:10,478",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6709
          },
          {
            "timestamp": "2026-04-27 21:07:10,478",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6710
          },
          {
            "timestamp": "2026-04-27 21:07:10,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6711
          },
          {
            "timestamp": "2026-04-27 21:07:10,494",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6712
          },
          {
            "timestamp": "2026-04-27 21:07:10,494",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6713
          },
          {
            "timestamp": "2026-04-27 21:07:10,525",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6714
          },
          {
            "timestamp": "2026-04-27 21:07:10,525",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6715
          },
          {
            "timestamp": "2026-04-27 21:07:10,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6716
          },
          {
            "timestamp": "2026-04-27 21:07:10,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6717
          },
          {
            "timestamp": "2026-04-27 21:07:10,557",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 6718
          },
          {
            "timestamp": "2026-04-27 21:07:10,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6719
          },
          {
            "timestamp": "2026-04-27 21:07:10,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6720
          },
          {
            "timestamp": "2026-04-27 21:07:10,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6721
          },
          {
            "timestamp": "2026-04-27 21:07:10,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6722
          },
          {
            "timestamp": "2026-04-27 21:07:10,713",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6723
          },
          {
            "timestamp": "2026-04-27 21:07:10,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6724
          },
          {
            "timestamp": "2026-04-27 21:07:10,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6725
          },
          {
            "timestamp": "2026-04-27 21:07:10,775",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6726
          },
          {
            "timestamp": "2026-04-27 21:07:10,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6727
          },
          {
            "timestamp": "2026-04-27 21:07:10,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6728
          },
          {
            "timestamp": "2026-04-27 21:07:10,838",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6729
          },
          {
            "timestamp": "2026-04-27 21:07:10,900",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6730
          },
          {
            "timestamp": "2026-04-27 21:07:10,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6731
          },
          {
            "timestamp": "2026-04-27 21:07:10,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6732
          },
          {
            "timestamp": "2026-04-27 21:07:10,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6733
          },
          {
            "timestamp": "2026-04-27 21:07:10,900",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6734
          },
          {
            "timestamp": "2026-04-27 21:07:10,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6735
          },
          {
            "timestamp": "2026-04-27 21:07:10,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6736
          },
          {
            "timestamp": "2026-04-27 21:07:10,963",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 6737
          },
          {
            "timestamp": "2026-04-27 21:07:11,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6738
          },
          {
            "timestamp": "2026-04-27 21:07:11,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6739
          },
          {
            "timestamp": "2026-04-27 21:07:11,057",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6740
          },
          {
            "timestamp": "2026-04-27 21:07:11,057",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6741
          },
          {
            "timestamp": "2026-04-27 21:07:11,119",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6742
          },
          {
            "timestamp": "2026-04-27 21:07:11,119",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6743
          },
          {
            "timestamp": "2026-04-27 21:07:11,119",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6744
          },
          {
            "timestamp": "2026-04-27 21:07:11,182",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6745
          },
          {
            "timestamp": "2026-04-27 21:07:11,182",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6746
          },
          {
            "timestamp": "2026-04-27 21:07:11,182",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6747
          },
          {
            "timestamp": "2026-04-27 21:07:11,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6748
          },
          {
            "timestamp": "2026-04-27 21:07:11,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6749
          },
          {
            "timestamp": "2026-04-27 21:07:11,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6750
          },
          {
            "timestamp": "2026-04-27 21:07:11,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6751
          },
          {
            "timestamp": "2026-04-27 21:07:11,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6752
          },
          {
            "timestamp": "2026-04-27 21:07:11,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6753
          },
          {
            "timestamp": "2026-04-27 21:07:11,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6754
          },
          {
            "timestamp": "2026-04-27 21:07:11,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6755
          },
          {
            "timestamp": "2026-04-27 21:07:11,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 6756
          },
          {
            "timestamp": "2026-04-27 21:07:11,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6757
          },
          {
            "timestamp": "2026-04-27 21:07:11,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6758
          },
          {
            "timestamp": "2026-04-27 21:07:11,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6759
          },
          {
            "timestamp": "2026-04-27 21:07:11,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6760
          },
          {
            "timestamp": "2026-04-27 21:07:11,510",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6761
          },
          {
            "timestamp": "2026-04-27 21:07:11,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6762
          },
          {
            "timestamp": "2026-04-27 21:07:11,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6763
          },
          {
            "timestamp": "2026-04-27 21:07:11,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6764
          },
          {
            "timestamp": "2026-04-27 21:07:11,572",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6765
          },
          {
            "timestamp": "2026-04-27 21:07:11,572",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6766
          },
          {
            "timestamp": "2026-04-27 21:07:11,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6767
          },
          {
            "timestamp": "2026-04-27 21:07:11,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6768
          },
          {
            "timestamp": "2026-04-27 21:07:11,635",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 6769
          },
          {
            "timestamp": "2026-04-27 21:07:11,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6770
          },
          {
            "timestamp": "2026-04-27 21:07:11,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6771
          },
          {
            "timestamp": "2026-04-27 21:07:11,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6772
          },
          {
            "timestamp": "2026-04-27 21:07:11,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6773
          },
          {
            "timestamp": "2026-04-27 21:07:11,760",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6774
          },
          {
            "timestamp": "2026-04-27 21:07:11,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6775
          },
          {
            "timestamp": "2026-04-27 21:07:11,838",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6776
          },
          {
            "timestamp": "2026-04-27 21:07:11,838",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6777
          },
          {
            "timestamp": "2026-04-27 21:07:11,900",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6778
          },
          {
            "timestamp": "2026-04-27 21:07:11,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6779
          },
          {
            "timestamp": "2026-04-27 21:07:11,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6780
          },
          {
            "timestamp": "2026-04-27 21:07:11,900",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6781
          },
          {
            "timestamp": "2026-04-27 21:07:11,900",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6782
          },
          {
            "timestamp": "2026-04-27 21:07:11,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6783
          },
          {
            "timestamp": "2026-04-27 21:07:11,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6784
          },
          {
            "timestamp": "2026-04-27 21:07:11,963",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6785
          },
          {
            "timestamp": "2026-04-27 21:07:12,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6786
          },
          {
            "timestamp": "2026-04-27 21:07:12,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6787
          },
          {
            "timestamp": "2026-04-27 21:07:12,025",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6788
          },
          {
            "timestamp": "2026-04-27 21:07:12,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6789
          },
          {
            "timestamp": "2026-04-27 21:07:12,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6790
          },
          {
            "timestamp": "2026-04-27 21:07:12,088",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6791
          },
          {
            "timestamp": "2026-04-27 21:07:12,088",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6792
          },
          {
            "timestamp": "2026-04-27 21:07:12,088",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6793
          },
          {
            "timestamp": "2026-04-27 21:07:12,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6794
          },
          {
            "timestamp": "2026-04-27 21:07:12,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6795
          },
          {
            "timestamp": "2026-04-27 21:07:12,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 6796
          },
          {
            "timestamp": "2026-04-27 21:07:12,228",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6797
          },
          {
            "timestamp": "2026-04-27 21:07:12,228",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6798
          },
          {
            "timestamp": "2026-04-27 21:07:12,291",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6799
          },
          {
            "timestamp": "2026-04-27 21:07:12,291",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6800
          },
          {
            "timestamp": "2026-04-27 21:07:12,291",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6801
          },
          {
            "timestamp": "2026-04-27 21:07:12,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6802
          },
          {
            "timestamp": "2026-04-27 21:07:12,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6803
          },
          {
            "timestamp": "2026-04-27 21:07:12,369",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6804
          },
          {
            "timestamp": "2026-04-27 21:07:12,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6805
          },
          {
            "timestamp": "2026-04-27 21:07:12,447",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6806
          },
          {
            "timestamp": "2026-04-27 21:07:12,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6807
          },
          {
            "timestamp": "2026-04-27 21:07:12,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6808
          },
          {
            "timestamp": "2026-04-27 21:07:12,510",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6809
          },
          {
            "timestamp": "2026-04-27 21:07:12,510",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6810
          },
          {
            "timestamp": "2026-04-27 21:07:12,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6811
          },
          {
            "timestamp": "2026-04-27 21:07:12,572",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6812
          },
          {
            "timestamp": "2026-04-27 21:07:12,572",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6813
          },
          {
            "timestamp": "2026-04-27 21:07:12,603",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6814
          },
          {
            "timestamp": "2026-04-27 21:07:12,603",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6815
          },
          {
            "timestamp": "2026-04-27 21:07:12,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6816
          },
          {
            "timestamp": "2026-04-27 21:07:12,635",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6817
          },
          {
            "timestamp": "2026-04-27 21:07:12,635",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6818
          },
          {
            "timestamp": "2026-04-27 21:07:12,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6819
          },
          {
            "timestamp": "2026-04-27 21:07:12,697",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6820
          },
          {
            "timestamp": "2026-04-27 21:07:12,697",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 6821
          },
          {
            "timestamp": "2026-04-27 21:07:12,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6822
          },
          {
            "timestamp": "2026-04-27 21:07:12,760",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6823
          },
          {
            "timestamp": "2026-04-27 21:07:12,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6824
          },
          {
            "timestamp": "2026-04-27 21:07:12,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6825
          },
          {
            "timestamp": "2026-04-27 21:07:12,822",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6826
          },
          {
            "timestamp": "2026-04-27 21:07:12,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6827
          },
          {
            "timestamp": "2026-04-27 21:07:12,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6828
          },
          {
            "timestamp": "2026-04-27 21:07:12,885",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 6829
          },
          {
            "timestamp": "2026-04-27 21:07:12,916",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6830
          },
          {
            "timestamp": "2026-04-27 21:07:12,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6831
          },
          {
            "timestamp": "2026-04-27 21:07:12,916",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "19"
              }
            ],
            "repeated": 0,
            "id": 6832
          },
          {
            "timestamp": "2026-04-27 21:07:12,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6833
          },
          {
            "timestamp": "2026-04-27 21:07:12,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6834
          },
          {
            "timestamp": "2026-04-27 21:07:12,963",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6835
          },
          {
            "timestamp": "2026-04-27 21:07:13,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6836
          },
          {
            "timestamp": "2026-04-27 21:07:13,025",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6837
          },
          {
            "timestamp": "2026-04-27 21:07:13,025",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6838
          },
          {
            "timestamp": "2026-04-27 21:07:13,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6839
          },
          {
            "timestamp": "2026-04-27 21:07:13,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6840
          },
          {
            "timestamp": "2026-04-27 21:07:13,088",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6841
          },
          {
            "timestamp": "2026-04-27 21:07:13,119",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6842
          },
          {
            "timestamp": "2026-04-27 21:07:13,119",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6843
          },
          {
            "timestamp": "2026-04-27 21:07:13,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6844
          },
          {
            "timestamp": "2026-04-27 21:07:13,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6845
          },
          {
            "timestamp": "2026-04-27 21:07:13,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6846
          },
          {
            "timestamp": "2026-04-27 21:07:13,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6847
          },
          {
            "timestamp": "2026-04-27 21:07:13,213",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6848
          },
          {
            "timestamp": "2026-04-27 21:07:13,213",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6849
          },
          {
            "timestamp": "2026-04-27 21:07:13,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6850
          },
          {
            "timestamp": "2026-04-27 21:07:13,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6851
          },
          {
            "timestamp": "2026-04-27 21:07:13,275",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6852
          },
          {
            "timestamp": "2026-04-27 21:07:13,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6853
          },
          {
            "timestamp": "2026-04-27 21:07:13,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6854
          },
          {
            "timestamp": "2026-04-27 21:07:13,338",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6855
          },
          {
            "timestamp": "2026-04-27 21:07:13,400",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6856
          },
          {
            "timestamp": "2026-04-27 21:07:13,400",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6857
          },
          {
            "timestamp": "2026-04-27 21:07:13,400",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6858
          },
          {
            "timestamp": "2026-04-27 21:07:13,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6859
          },
          {
            "timestamp": "2026-04-27 21:07:13,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6860
          },
          {
            "timestamp": "2026-04-27 21:07:13,463",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6861
          },
          {
            "timestamp": "2026-04-27 21:07:13,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6862
          },
          {
            "timestamp": "2026-04-27 21:07:13,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6863
          },
          {
            "timestamp": "2026-04-27 21:07:13,525",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6864
          },
          {
            "timestamp": "2026-04-27 21:07:13,603",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6865
          },
          {
            "timestamp": "2026-04-27 21:07:13,603",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6866
          },
          {
            "timestamp": "2026-04-27 21:07:13,603",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6867
          },
          {
            "timestamp": "2026-04-27 21:07:13,635",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6868
          },
          {
            "timestamp": "2026-04-27 21:07:13,635",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6869
          },
          {
            "timestamp": "2026-04-27 21:07:13,666",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6870
          },
          {
            "timestamp": "2026-04-27 21:07:13,666",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6871
          },
          {
            "timestamp": "2026-04-27 21:07:13,666",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6872
          },
          {
            "timestamp": "2026-04-27 21:07:13,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6873
          },
          {
            "timestamp": "2026-04-27 21:07:13,728",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6874
          },
          {
            "timestamp": "2026-04-27 21:07:13,728",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6875
          },
          {
            "timestamp": "2026-04-27 21:07:13,791",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6876
          },
          {
            "timestamp": "2026-04-27 21:07:13,791",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6877
          },
          {
            "timestamp": "2026-04-27 21:07:13,791",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6878
          },
          {
            "timestamp": "2026-04-27 21:07:13,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6879
          },
          {
            "timestamp": "2026-04-27 21:07:13,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6880
          },
          {
            "timestamp": "2026-04-27 21:07:13,853",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6881
          },
          {
            "timestamp": "2026-04-27 21:07:13,916",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6882
          },
          {
            "timestamp": "2026-04-27 21:07:13,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6883
          },
          {
            "timestamp": "2026-04-27 21:07:13,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6884
          },
          {
            "timestamp": "2026-04-27 21:07:13,916",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6885
          },
          {
            "timestamp": "2026-04-27 21:07:13,916",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6886
          },
          {
            "timestamp": "2026-04-27 21:07:13,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6887
          },
          {
            "timestamp": "2026-04-27 21:07:13,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6888
          },
          {
            "timestamp": "2026-04-27 21:07:13,978",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6889
          },
          {
            "timestamp": "2026-04-27 21:07:14,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6890
          },
          {
            "timestamp": "2026-04-27 21:07:14,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6891
          },
          {
            "timestamp": "2026-04-27 21:07:14,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6892
          },
          {
            "timestamp": "2026-04-27 21:07:14,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6893
          },
          {
            "timestamp": "2026-04-27 21:07:14,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6894
          },
          {
            "timestamp": "2026-04-27 21:07:14,135",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6895
          },
          {
            "timestamp": "2026-04-27 21:07:14,166",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6896
          },
          {
            "timestamp": "2026-04-27 21:07:14,166",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6897
          },
          {
            "timestamp": "2026-04-27 21:07:14,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6898
          },
          {
            "timestamp": "2026-04-27 21:07:14,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6899
          },
          {
            "timestamp": "2026-04-27 21:07:14,197",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 6900
          },
          {
            "timestamp": "2026-04-27 21:07:14,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6901
          },
          {
            "timestamp": "2026-04-27 21:07:14,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6902
          },
          {
            "timestamp": "2026-04-27 21:07:14,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6903
          },
          {
            "timestamp": "2026-04-27 21:07:14,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6904
          },
          {
            "timestamp": "2026-04-27 21:07:14,338",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6905
          },
          {
            "timestamp": "2026-04-27 21:07:14,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6906
          },
          {
            "timestamp": "2026-04-27 21:07:14,432",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6907
          },
          {
            "timestamp": "2026-04-27 21:07:14,447",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6908
          },
          {
            "timestamp": "2026-04-27 21:07:14,494",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6909
          },
          {
            "timestamp": "2026-04-27 21:07:14,494",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6910
          },
          {
            "timestamp": "2026-04-27 21:07:14,525",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6911
          },
          {
            "timestamp": "2026-04-27 21:07:14,525",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6912
          },
          {
            "timestamp": "2026-04-27 21:07:14,525",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6913
          },
          {
            "timestamp": "2026-04-27 21:07:14,525",
            "thread_id": "6988",
            "caller": "0x710a0830",
            "parentcaller": "0x71093611",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1652"
              }
            ],
            "repeated": 0,
            "id": 6914
          },
          {
            "timestamp": "2026-04-27 21:07:14,525",
            "thread_id": "7312",
            "caller": "0x077f18e0",
            "parentcaller": "0x0864c324",
            "category": "network",
            "api": "DnsQuery_A",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "nnzn.sa.com"
              },
              {
                "name": "Type",
                "value": "1"
              },
              {
                "name": "Options",
                "value": "0x00000048"
              }
            ],
            "repeated": 0,
            "id": 6915
          },
          {
            "timestamp": "2026-04-27 21:07:14,525",
            "thread_id": "7312",
            "caller": "0x077f1998",
            "parentcaller": "0x0864d998",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x0000065c",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1628"
              }
            ],
            "repeated": 0,
            "id": 6916
          },
          {
            "timestamp": "2026-04-27 21:07:14,525",
            "thread_id": "7312",
            "caller": "0x077f0a53",
            "parentcaller": "0x0864c650",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1628"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6917
          },
          {
            "timestamp": "2026-04-27 21:07:14,525",
            "thread_id": "7312",
            "caller": "0x077f2a15",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1628"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6918
          },
          {
            "timestamp": "2026-04-27 21:07:14,525",
            "thread_id": "7312",
            "caller": "0x0864da34",
            "parentcaller": "0x0864c650",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000065c"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xcc\\x04\\x00\\x00\\x9a\\xda\\xa9s"
              }
            ],
            "repeated": 0,
            "id": 6919
          },
          {
            "timestamp": "2026-04-27 21:07:14,525",
            "thread_id": "7312",
            "caller": "0x0292acfb",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1628"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "172.67.140.186"
              },
              {
                "name": "port",
                "value": "443"
              }
            ],
            "repeated": 0,
            "id": 6920
          },
          {
            "timestamp": "2026-04-27 21:07:14,525",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 6921
          },
          {
            "timestamp": "2026-04-27 21:07:14,525",
            "thread_id": "2068",
            "caller": "0x737e55cd",
            "parentcaller": "0x7380b77c",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6922
          },
          {
            "timestamp": "2026-04-27 21:07:14,525",
            "thread_id": "6988",
            "caller": "0x7726269a",
            "parentcaller": "0x7108b4f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              }
            ],
            "repeated": 0,
            "id": 6923
          },
          {
            "timestamp": "2026-04-27 21:07:14,525",
            "thread_id": "3892",
            "caller": "0x077f2bf3",
            "parentcaller": "0x00000000",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1628"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00007010"
              },
              {
                "name": "optval",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6924
          },
          {
            "timestamp": "2026-04-27 21:07:14,525",
            "thread_id": "3892",
            "caller": "0x0864e067",
            "parentcaller": "0x0864dfda",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6925
          },
          {
            "timestamp": "2026-04-27 21:07:14,525",
            "thread_id": "3892",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0cc",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 6926
          },
          {
            "timestamp": "2026-04-27 21:07:14,525",
            "thread_id": "3892",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0df",
            "category": "misc",
            "api": "GetUserNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Name",
                "value": "cape"
              }
            ],
            "repeated": 0,
            "id": 6927
          },
          {
            "timestamp": "2026-04-27 21:07:14,525",
            "thread_id": "3892",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "72"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6928
          },
          {
            "timestamp": "2026-04-27 21:07:14,525",
            "thread_id": "3892",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3"
              },
              {
                "name": "Length",
                "value": "16"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 6929
          },
          {
            "timestamp": "2026-04-27 21:07:14,525",
            "thread_id": "3892",
            "caller": "0x077f2dec",
            "parentcaller": "0x0864ed7a",
            "category": "network",
            "api": "WSASend",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Socket",
                "value": "1628"
              },
              {
                "name": "Buffer",
                "value": "@\\x00\\x00\\x00m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c"
              }
            ],
            "repeated": 0,
            "id": 6930
          },
          {
            "timestamp": "2026-04-27 21:07:14,525",
            "thread_id": "3892",
            "caller": "0x077f2ee0",
            "parentcaller": "0x0864edcf",
            "category": "network",
            "api": "WSARecv",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1628"
              }
            ],
            "repeated": 0,
            "id": 6931
          },
          {
            "timestamp": "2026-04-27 21:07:14,541",
            "thread_id": "1796",
            "caller": "0x0290a7be",
            "parentcaller": "0x0864f1bd",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1628"
              }
            ],
            "repeated": 0,
            "id": 6932
          },
          {
            "timestamp": "2026-04-27 21:07:14,541",
            "thread_id": "1796",
            "caller": "0x0290bbbb",
            "parentcaller": "0x051ed61d",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00030190"
              },
              {
                "name": "Message",
                "value": "0x0000c1b0"
              }
            ],
            "repeated": 0,
            "id": 6933
          },
          {
            "timestamp": "2026-04-27 21:07:14,541",
            "thread_id": "1796",
            "caller": "0x0290b109",
            "parentcaller": "0x051ed61d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003c4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\x8d\\x00\\xf8\\x19\\x00\\x00,\\x1a\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6700"
              }
            ],
            "repeated": 0,
            "id": 6934
          },
          {
            "timestamp": "2026-04-27 21:07:14,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6935
          },
          {
            "timestamp": "2026-04-27 21:07:14,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6936
          },
          {
            "timestamp": "2026-04-27 21:07:14,557",
            "thread_id": "2068",
            "caller": "0x0864f6d8",
            "parentcaller": "0x0864f6ae",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 6937
          },
          {
            "timestamp": "2026-04-27 21:07:14,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6938
          },
          {
            "timestamp": "2026-04-27 21:07:14,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6939
          },
          {
            "timestamp": "2026-04-27 21:07:14,619",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6940
          },
          {
            "timestamp": "2026-04-27 21:07:14,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6941
          },
          {
            "timestamp": "2026-04-27 21:07:14,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6942
          },
          {
            "timestamp": "2026-04-27 21:07:14,744",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6943
          },
          {
            "timestamp": "2026-04-27 21:07:14,791",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6944
          },
          {
            "timestamp": "2026-04-27 21:07:14,791",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6945
          },
          {
            "timestamp": "2026-04-27 21:07:14,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6946
          },
          {
            "timestamp": "2026-04-27 21:07:14,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6947
          },
          {
            "timestamp": "2026-04-27 21:07:14,807",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6948
          },
          {
            "timestamp": "2026-04-27 21:07:14,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6949
          },
          {
            "timestamp": "2026-04-27 21:07:14,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6950
          },
          {
            "timestamp": "2026-04-27 21:07:14,885",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "31"
              }
            ],
            "repeated": 0,
            "id": 6951
          },
          {
            "timestamp": "2026-04-27 21:07:14,947",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 6952
          },
          {
            "timestamp": "2026-04-27 21:07:14,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6953
          },
          {
            "timestamp": "2026-04-27 21:07:14,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6954
          },
          {
            "timestamp": "2026-04-27 21:07:14,947",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6955
          },
          {
            "timestamp": "2026-04-27 21:07:14,947",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6956
          },
          {
            "timestamp": "2026-04-27 21:07:15,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6957
          },
          {
            "timestamp": "2026-04-27 21:07:15,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6958
          },
          {
            "timestamp": "2026-04-27 21:07:15,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6959
          },
          {
            "timestamp": "2026-04-27 21:07:15,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6960
          },
          {
            "timestamp": "2026-04-27 21:07:15,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6961
          },
          {
            "timestamp": "2026-04-27 21:07:15,135",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6962
          },
          {
            "timestamp": "2026-04-27 21:07:15,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6963
          },
          {
            "timestamp": "2026-04-27 21:07:15,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6964
          },
          {
            "timestamp": "2026-04-27 21:07:15,197",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6965
          },
          {
            "timestamp": "2026-04-27 21:07:15,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6966
          },
          {
            "timestamp": "2026-04-27 21:07:15,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6967
          },
          {
            "timestamp": "2026-04-27 21:07:15,260",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6968
          },
          {
            "timestamp": "2026-04-27 21:07:15,307",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6969
          },
          {
            "timestamp": "2026-04-27 21:07:15,307",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6970
          },
          {
            "timestamp": "2026-04-27 21:07:15,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6971
          },
          {
            "timestamp": "2026-04-27 21:07:15,322",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6972
          },
          {
            "timestamp": "2026-04-27 21:07:15,322",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6973
          },
          {
            "timestamp": "2026-04-27 21:07:15,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6974
          },
          {
            "timestamp": "2026-04-27 21:07:15,385",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6975
          },
          {
            "timestamp": "2026-04-27 21:07:15,385",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6976
          },
          {
            "timestamp": "2026-04-27 21:07:15,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6977
          },
          {
            "timestamp": "2026-04-27 21:07:15,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6978
          },
          {
            "timestamp": "2026-04-27 21:07:15,463",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6979
          },
          {
            "timestamp": "2026-04-27 21:07:15,541",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6980
          },
          {
            "timestamp": "2026-04-27 21:07:15,541",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6981
          },
          {
            "timestamp": "2026-04-27 21:07:15,541",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6982
          },
          {
            "timestamp": "2026-04-27 21:07:15,603",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6983
          },
          {
            "timestamp": "2026-04-27 21:07:15,603",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6984
          },
          {
            "timestamp": "2026-04-27 21:07:15,603",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 6985
          },
          {
            "timestamp": "2026-04-27 21:07:15,682",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6986
          },
          {
            "timestamp": "2026-04-27 21:07:15,682",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6987
          },
          {
            "timestamp": "2026-04-27 21:07:15,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6988
          },
          {
            "timestamp": "2026-04-27 21:07:15,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6989
          },
          {
            "timestamp": "2026-04-27 21:07:15,744",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6990
          },
          {
            "timestamp": "2026-04-27 21:07:15,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6991
          },
          {
            "timestamp": "2026-04-27 21:07:15,807",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6992
          },
          {
            "timestamp": "2026-04-27 21:07:15,807",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6993
          },
          {
            "timestamp": "2026-04-27 21:07:15,822",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 6994
          },
          {
            "timestamp": "2026-04-27 21:07:15,822",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 6995
          },
          {
            "timestamp": "2026-04-27 21:07:15,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6996
          },
          {
            "timestamp": "2026-04-27 21:07:15,869",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 6997
          },
          {
            "timestamp": "2026-04-27 21:07:15,869",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 6998
          },
          {
            "timestamp": "2026-04-27 21:07:15,932",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6999
          },
          {
            "timestamp": "2026-04-27 21:07:15,932",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7000
          },
          {
            "timestamp": "2026-04-27 21:07:15,932",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 7001
          },
          {
            "timestamp": "2026-04-27 21:07:15,978",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 7002
          },
          {
            "timestamp": "2026-04-27 21:07:15,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7003
          },
          {
            "timestamp": "2026-04-27 21:07:15,978",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 7004
          },
          {
            "timestamp": "2026-04-27 21:07:15,994",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7005
          },
          {
            "timestamp": "2026-04-27 21:07:15,994",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7006
          },
          {
            "timestamp": "2026-04-27 21:07:16,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7007
          },
          {
            "timestamp": "2026-04-27 21:07:16,057",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7008
          },
          {
            "timestamp": "2026-04-27 21:07:16,057",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7009
          },
          {
            "timestamp": "2026-04-27 21:07:16,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7010
          },
          {
            "timestamp": "2026-04-27 21:07:16,135",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7011
          },
          {
            "timestamp": "2026-04-27 21:07:16,135",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7012
          },
          {
            "timestamp": "2026-04-27 21:07:16,166",
            "thread_id": "4232",
            "caller": "0x77eab5a6",
            "parentcaller": "0x76acfa30",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "4232"
              }
            ],
            "repeated": 0,
            "id": 7013
          },
          {
            "timestamp": "2026-04-27 21:07:16,166",
            "thread_id": "4232",
            "caller": "0x7726f231",
            "parentcaller": "0x73742c18",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 7014
          },
          {
            "timestamp": "2026-04-27 21:07:16,166",
            "thread_id": "4232",
            "caller": "0x77eab5c9",
            "parentcaller": "0x76acfa30",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7015
          },
          {
            "timestamp": "2026-04-27 21:07:16,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7016
          },
          {
            "timestamp": "2026-04-27 21:07:16,197",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7017
          },
          {
            "timestamp": "2026-04-27 21:07:16,197",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7018
          },
          {
            "timestamp": "2026-04-27 21:07:16,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7019
          },
          {
            "timestamp": "2026-04-27 21:07:16,260",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7020
          },
          {
            "timestamp": "2026-04-27 21:07:16,260",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7021
          },
          {
            "timestamp": "2026-04-27 21:07:16,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7022
          },
          {
            "timestamp": "2026-04-27 21:07:16,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7023
          },
          {
            "timestamp": "2026-04-27 21:07:16,338",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7024
          },
          {
            "timestamp": "2026-04-27 21:07:16,353",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 7025
          },
          {
            "timestamp": "2026-04-27 21:07:16,353",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 7026
          },
          {
            "timestamp": "2026-04-27 21:07:16,400",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7027
          },
          {
            "timestamp": "2026-04-27 21:07:16,400",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7028
          },
          {
            "timestamp": "2026-04-27 21:07:16,400",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7029
          },
          {
            "timestamp": "2026-04-27 21:07:16,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7030
          },
          {
            "timestamp": "2026-04-27 21:07:16,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7031
          },
          {
            "timestamp": "2026-04-27 21:07:16,463",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7032
          },
          {
            "timestamp": "2026-04-27 21:07:16,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7033
          },
          {
            "timestamp": "2026-04-27 21:07:16,525",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7034
          },
          {
            "timestamp": "2026-04-27 21:07:16,525",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7035
          },
          {
            "timestamp": "2026-04-27 21:07:16,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7036
          },
          {
            "timestamp": "2026-04-27 21:07:16,588",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7037
          },
          {
            "timestamp": "2026-04-27 21:07:16,588",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7038
          },
          {
            "timestamp": "2026-04-27 21:07:16,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7039
          },
          {
            "timestamp": "2026-04-27 21:07:16,650",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7040
          },
          {
            "timestamp": "2026-04-27 21:07:16,650",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7041
          },
          {
            "timestamp": "2026-04-27 21:07:16,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7042
          },
          {
            "timestamp": "2026-04-27 21:07:16,713",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7043
          },
          {
            "timestamp": "2026-04-27 21:07:16,713",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7044
          },
          {
            "timestamp": "2026-04-27 21:07:16,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7045
          },
          {
            "timestamp": "2026-04-27 21:07:16,775",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7046
          },
          {
            "timestamp": "2026-04-27 21:07:16,775",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7047
          },
          {
            "timestamp": "2026-04-27 21:07:16,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7048
          },
          {
            "timestamp": "2026-04-27 21:07:16,853",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7049
          },
          {
            "timestamp": "2026-04-27 21:07:16,853",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7050
          },
          {
            "timestamp": "2026-04-27 21:07:16,885",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 7051
          },
          {
            "timestamp": "2026-04-27 21:07:16,885",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 7052
          },
          {
            "timestamp": "2026-04-27 21:07:16,978",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 7053
          },
          {
            "timestamp": "2026-04-27 21:07:16,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7054
          },
          {
            "timestamp": "2026-04-27 21:07:16,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7055
          },
          {
            "timestamp": "2026-04-27 21:07:16,978",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7056
          },
          {
            "timestamp": "2026-04-27 21:07:16,978",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7057
          },
          {
            "timestamp": "2026-04-27 21:07:17,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7058
          },
          {
            "timestamp": "2026-04-27 21:07:17,088",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7059
          },
          {
            "timestamp": "2026-04-27 21:07:17,088",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7060
          },
          {
            "timestamp": "2026-04-27 21:07:17,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7061
          },
          {
            "timestamp": "2026-04-27 21:07:17,166",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7062
          },
          {
            "timestamp": "2026-04-27 21:07:17,166",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 7063
          },
          {
            "timestamp": "2026-04-27 21:07:17,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7064
          },
          {
            "timestamp": "2026-04-27 21:07:17,275",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7065
          },
          {
            "timestamp": "2026-04-27 21:07:17,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7066
          },
          {
            "timestamp": "2026-04-27 21:07:17,369",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7067
          },
          {
            "timestamp": "2026-04-27 21:07:17,369",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 7068
          },
          {
            "timestamp": "2026-04-27 21:07:17,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7069
          },
          {
            "timestamp": "2026-04-27 21:07:17,463",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7070
          },
          {
            "timestamp": "2026-04-27 21:07:17,510",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 7071
          },
          {
            "timestamp": "2026-04-27 21:07:17,510",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 7072
          },
          {
            "timestamp": "2026-04-27 21:07:17,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7073
          },
          {
            "timestamp": "2026-04-27 21:07:17,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7074
          },
          {
            "timestamp": "2026-04-27 21:07:17,557",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7075
          },
          {
            "timestamp": "2026-04-27 21:07:17,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7076
          },
          {
            "timestamp": "2026-04-27 21:07:17,619",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7077
          },
          {
            "timestamp": "2026-04-27 21:07:17,619",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7078
          },
          {
            "timestamp": "2026-04-27 21:07:17,682",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7079
          },
          {
            "timestamp": "2026-04-27 21:07:17,682",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7080
          },
          {
            "timestamp": "2026-04-27 21:07:17,682",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7081
          },
          {
            "timestamp": "2026-04-27 21:07:17,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7082
          },
          {
            "timestamp": "2026-04-27 21:07:17,744",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7083
          },
          {
            "timestamp": "2026-04-27 21:07:17,744",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7084
          },
          {
            "timestamp": "2026-04-27 21:07:17,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7085
          },
          {
            "timestamp": "2026-04-27 21:07:17,822",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7086
          },
          {
            "timestamp": "2026-04-27 21:07:17,822",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7087
          },
          {
            "timestamp": "2026-04-27 21:07:17,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7088
          },
          {
            "timestamp": "2026-04-27 21:07:17,885",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7089
          },
          {
            "timestamp": "2026-04-27 21:07:17,885",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7090
          },
          {
            "timestamp": "2026-04-27 21:07:17,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7091
          },
          {
            "timestamp": "2026-04-27 21:07:17,963",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7092
          },
          {
            "timestamp": "2026-04-27 21:07:17,963",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 7093
          },
          {
            "timestamp": "2026-04-27 21:07:17,994",
            "thread_id": "7312",
            "caller": "0x051e88b0",
            "parentcaller": "0x051e8707",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 7094
          },
          {
            "timestamp": "2026-04-27 21:07:17,994",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7095
          },
          {
            "timestamp": "2026-04-27 21:07:17,994",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "19"
              }
            ],
            "repeated": 0,
            "id": 7096
          },
          {
            "timestamp": "2026-04-27 21:07:18,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7097
          },
          {
            "timestamp": "2026-04-27 21:07:18,041",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7098
          },
          {
            "timestamp": "2026-04-27 21:07:18,041",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7099
          },
          {
            "timestamp": "2026-04-27 21:07:18,057",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 7100
          },
          {
            "timestamp": "2026-04-27 21:07:18,057",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 7101
          },
          {
            "timestamp": "2026-04-27 21:07:18,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7102
          },
          {
            "timestamp": "2026-04-27 21:07:18,150",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7103
          },
          {
            "timestamp": "2026-04-27 21:07:18,150",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7104
          },
          {
            "timestamp": "2026-04-27 21:07:18,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7105
          },
          {
            "timestamp": "2026-04-27 21:07:18,244",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7106
          },
          {
            "timestamp": "2026-04-27 21:07:18,244",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7107
          },
          {
            "timestamp": "2026-04-27 21:07:18,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7108
          },
          {
            "timestamp": "2026-04-27 21:07:18,338",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7109
          },
          {
            "timestamp": "2026-04-27 21:07:18,338",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 1,
            "id": 7110
          },
          {
            "timestamp": "2026-04-27 21:07:18,416",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7111
          },
          {
            "timestamp": "2026-04-27 21:07:18,416",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7112
          },
          {
            "timestamp": "2026-04-27 21:07:18,478",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7113
          },
          {
            "timestamp": "2026-04-27 21:07:18,478",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7114
          },
          {
            "timestamp": "2026-04-27 21:07:18,478",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7115
          },
          {
            "timestamp": "2026-04-27 21:07:18,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7116
          },
          {
            "timestamp": "2026-04-27 21:07:18,557",
            "thread_id": "7312",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7117
          },
          {
            "timestamp": "2026-04-27 21:07:18,557",
            "thread_id": "8184",
            "caller": "0x7727611b",
            "parentcaller": "0x7380b043",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "50"
              }
            ],
            "repeated": 0,
            "id": 7118
          },
          {
            "timestamp": "2026-04-27 21:07:18,572",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7119
          },
          {
            "timestamp": "2026-04-27 21:07:18,572",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7120
          },
          {
            "timestamp": "2026-04-27 21:07:18,572",
            "thread_id": "8048",
            "caller": "0x7381cda8",
            "parentcaller": "0x7381cc7a",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 7121
          },
          {
            "timestamp": "2026-04-27 21:07:18,572",
            "thread_id": "8048",
            "caller": "0x7727611b",
            "parentcaller": "0x737e56b7",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "500"
              }
            ],
            "repeated": 0,
            "id": 7122
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "6988",
            "caller": "0x710a0830",
            "parentcaller": "0x71093611",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1652"
              }
            ],
            "repeated": 0,
            "id": 7123
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "7312",
            "caller": "0x077f18e0",
            "parentcaller": "0x0864c324",
            "category": "network",
            "api": "DnsQuery_A",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "nnzn.sa.com"
              },
              {
                "name": "Type",
                "value": "1"
              },
              {
                "name": "Options",
                "value": "0x00000048"
              }
            ],
            "repeated": 0,
            "id": 7124
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "7312",
            "caller": "0x077f1998",
            "parentcaller": "0x0864d998",
            "category": "network",
            "api": "WSASocketW",
            "status": true,
            "return": "0x00000674",
            "arguments": [
              {
                "name": "af",
                "value": "2",
                "pretty_value": "AF_INET"
              },
              {
                "name": "type",
                "value": "1",
                "pretty_value": "SOCK_STREAM"
              },
              {
                "name": "protocol",
                "value": "6",
                "pretty_value": "IPPROTO_TCP"
              },
              {
                "name": "socket",
                "value": "1652"
              }
            ],
            "repeated": 0,
            "id": 7125
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "7312",
            "caller": "0x077f0a53",
            "parentcaller": "0x0864c650",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1652"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00000080"
              },
              {
                "name": "optval",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7126
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "7312",
            "caller": "0x077f2a15",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "bind",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1652"
              },
              {
                "name": "ip",
                "value": "0.0.0.0"
              },
              {
                "name": "port",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7127
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "7312",
            "caller": "0x0864da34",
            "parentcaller": "0x0864c650",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000674"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\Afd"
              },
              {
                "name": "FileInformationClass",
                "value": "30",
                "pretty_value": "FileCompletionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xcc\\x04\\x00\\x00\\x9a\\xda\\xa9s"
              }
            ],
            "repeated": 0,
            "id": 7128
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "7312",
            "caller": "0x0292acfb",
            "parentcaller": "0x0864da34",
            "category": "network",
            "api": "ConnectEx",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1652"
              },
              {
                "name": "SendBuffer",
                "value": ""
              },
              {
                "name": "ip",
                "value": "172.67.140.186"
              },
              {
                "name": "port",
                "value": "443"
              }
            ],
            "repeated": 0,
            "id": 7129
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "7312",
            "caller": "0x0864dc31",
            "parentcaller": "0x0864dbf0",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "20"
              }
            ],
            "repeated": 0,
            "id": 7130
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "2068",
            "caller": "0x737e55cd",
            "parentcaller": "0x7380b77c",
            "category": "threading",
            "api": "NtYieldExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7131
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "6988",
            "caller": "0x7726269a",
            "parentcaller": "0x7108b4f1",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              }
            ],
            "repeated": 0,
            "id": 7132
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7133
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "2068",
            "caller": "0x772627d9",
            "parentcaller": "0x737e58bd",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000454"
              },
              {
                "name": "Milliseconds",
                "value": "40000"
              }
            ],
            "repeated": 0,
            "id": 7134
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "1796",
            "caller": "0x077f2bf3",
            "parentcaller": "0x00000000",
            "category": "network",
            "api": "setsockopt",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1652"
              },
              {
                "name": "level",
                "value": "0x0000ffff"
              },
              {
                "name": "optname",
                "value": "0x00007010"
              },
              {
                "name": "optval",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7135
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "1796",
            "caller": "0x0864e067",
            "parentcaller": "0x0864dfda",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7136
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0cc",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 7137
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "1796",
            "caller": "0x0290afec",
            "parentcaller": "0x0864e0df",
            "category": "misc",
            "api": "GetUserNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Name",
                "value": "cape"
              }
            ],
            "repeated": 0,
            "id": 7138
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "72"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7139
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "1796",
            "caller": "0x0864ea44",
            "parentcaller": "0x0864e2af",
            "category": "crypto",
            "api": "CryptEncrypt",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "CryptKey",
                "value": "0x00a82df8"
              },
              {
                "name": "CryptHash",
                "value": "0x00000000"
              },
              {
                "name": "Buffer",
                "value": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3"
              },
              {
                "name": "Length",
                "value": "16"
              },
              {
                "name": "Final",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 7140
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "1796",
            "caller": "0x077f2dec",
            "parentcaller": "0x0864ed7a",
            "category": "network",
            "api": "WSASend",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Socket",
                "value": "1652"
              },
              {
                "name": "Buffer",
                "value": "@\\x00\\x00\\x00m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c"
              }
            ],
            "repeated": 0,
            "id": 7141
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "1796",
            "caller": "0x077f2ee0",
            "parentcaller": "0x0864edcf",
            "category": "network",
            "api": "WSARecv",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "socket",
                "value": "1652"
              }
            ],
            "repeated": 0,
            "id": 7142
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "3892",
            "caller": "0x0290a7be",
            "parentcaller": "0x0864f1bd",
            "category": "network",
            "api": "closesocket",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "socket",
                "value": "1652"
              }
            ],
            "repeated": 0,
            "id": 7143
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "3892",
            "caller": "0x0290bbbb",
            "parentcaller": "0x051ed61d",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00030190"
              },
              {
                "name": "Message",
                "value": "0x0000c1b0"
              }
            ],
            "repeated": 0,
            "id": 7144
          },
          {
            "timestamp": "2026-04-27 21:07:18,603",
            "thread_id": "3892",
            "caller": "0x0290b109",
            "parentcaller": "0x051ed61d",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000003c4"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\x8d\\x00\\xf8\\x19\\x00\\x00,\\x1a\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "6700"
              }
            ],
            "repeated": 0,
            "id": 7145
          }
        ],
        "threads": [
          "6700",
          "8084",
          "7424",
          "7420",
          "4232",
          "4452",
          "4036",
          "3524",
          "1368",
          "3676",
          "6580",
          "8184",
          "7312",
          "8048",
          "6988",
          "1796",
          "2068",
          "3892",
          "2276",
          "3172"
        ],
        "environ": {
          "UserName": "cape",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe\" ",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x00610000",
          "MainExeSize": "0x00038000",
          "Bitness": "32-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 3884,
        "process_name": "schtasks.exe",
        "parent_id": 6648,
        "module_path": "C:\\Windows\\SysWOW64\\schtasks.exe",
        "first_seen": "2026-04-27 21:05:56,244",
        "calls": [
          {
            "timestamp": "2026-04-27 21:05:56,525",
            "thread_id": "1828",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-04-27 21:05:56,525",
            "thread_id": "1828",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-04-27 21:05:56,525",
            "thread_id": "6516",
            "caller": "0x77e91c0e",
            "parentcaller": "0x77e8dbb1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000007c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 3,
            "id": 2
          },
          {
            "timestamp": "2026-04-27 21:05:56,541",
            "thread_id": "3900",
            "caller": "0x77267322",
            "parentcaller": "0x77267238",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\xf5\\xa6\\x04\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc0\\xf5\\xa6\\x04\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "1828",
            "caller": "0x00a0022a",
            "parentcaller": "0x00a002de",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04963000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "1828",
            "caller": "0x00a0022a",
            "parentcaller": "0x00a002de",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04964000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "3900",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04965000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "3900",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04967000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "3900",
            "caller": "0x77e7138f",
            "parentcaller": "0x77e7110a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000234"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "3900",
            "caller": "0x77e713ac",
            "parentcaller": "0x77e7110a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000234"
              },
              {
                "name": "ValueName",
                "value": "ResourcePolicies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "3900",
            "caller": "0x77e713c2",
            "parentcaller": "0x77e7110a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "3900",
            "caller": "0x77e6f04b",
            "parentcaller": "0x77e6ef40",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02bf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "3900",
            "caller": "0x77e6f092",
            "parentcaller": "0x77e6ef40",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02bf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "1828",
            "caller": "0x009fb540",
            "parentcaller": "0x009fd938",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "3900",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "3900",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "6516",
            "caller": "0x77267322",
            "parentcaller": "0x77267238",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\xae\\xebw\\xe0\\xf3\\x9e\\x04\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\xe8\\xf3\\x9e\\x04\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "1828",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "1828",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\schtasks.exe"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "1828",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "7492",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "7492",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "1828",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02f80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "1828",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "7120",
            "caller": "0x77267322",
            "parentcaller": "0x77267238",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xf3\\x8c\\x04\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\xfe\\xff\\xff\\xffX\\xf3\\x8c\\x04\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "1828",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000114"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "1828",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000114"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "7120",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "7120",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-04-27 21:05:56,557",
            "thread_id": "1828",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000114"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\schtasks.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-04-27 21:05:56,572",
            "thread_id": "1828",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000234"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000114"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\schtasks.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-04-27 21:05:56,572",
            "thread_id": "1828",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000234"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02f80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x02aee3a8"
              },
              {
                "name": "ViewSize",
                "value": "0x00019000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-04-27 21:05:56,572",
            "thread_id": "1828",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-04-27 21:05:56,572",
            "thread_id": "1828",
            "caller": "0x009fc7d0",
            "parentcaller": "0x009fcbcc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fd2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-04-27 21:05:56,572",
            "thread_id": "1828",
            "caller": "0x009fcbe8",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-04-27 21:05:56,572",
            "thread_id": "1828",
            "caller": "0x009fcbe8",
            "parentcaller": "0x009fd9ab",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\schtasks.exe"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-04-27 21:05:56,572",
            "thread_id": "1828",
            "caller": "0x009fcbe8",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-04-27 21:05:56,572",
            "thread_id": "1828",
            "caller": "0x009fcc04",
            "parentcaller": "0x009fd9ab",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d0"
              },
              {
                "name": "ValueName",
                "value": "000603xx"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "kernel32.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-04-27 21:05:56,572",
            "thread_id": "1828",
            "caller": "0x009fcc04",
            "parentcaller": "0x009fd9ab",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-04-27 21:05:56,572",
            "thread_id": "1828",
            "caller": "0x009fcc04",
            "parentcaller": "0x009fd9ab",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "SortGetHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ace880"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-04-27 21:05:56,572",
            "thread_id": "1828",
            "caller": "0x009fcc04",
            "parentcaller": "0x009fd9ab",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "SortCloseHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ac97e0"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-04-27 21:05:56,572",
            "thread_id": "1828",
            "caller": "0x009fcc04",
            "parentcaller": "0x009fd9ab",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000234"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-04-27 21:05:56,572",
            "thread_id": "1828",
            "caller": "0x009fcc04",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000230"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000234"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-04-27 21:05:56,572",
            "thread_id": "1828",
            "caller": "0x009fcc04",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000230"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x06140000"
              },
              {
                "name": "SectionOffset",
                "value": "0x02aef044"
              },
              {
                "name": "ViewSize",
                "value": "0x00338000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-04-27 21:05:56,572",
            "thread_id": "1828",
            "caller": "0x009fcc04",
            "parentcaller": "0x009fd9ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-04-27 21:05:56,572",
            "thread_id": "1828",
            "caller": "0x009fcc04",
            "parentcaller": "0x009fd9ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-04-27 21:05:56,572",
            "thread_id": "1828",
            "caller": "0x009fcc04",
            "parentcaller": "0x009fd9ab",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000234"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-04-27 21:05:56,572",
            "thread_id": "1828",
            "caller": "0x009fba8b",
            "parentcaller": "0x009fccb9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "nn\\x13\\x00\\x00\\x00\\x00\\x00\\xcc\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\xa6\\x04\\x0f\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-04-27 21:05:56,588",
            "thread_id": "1828",
            "caller": "0x009fba8b",
            "parentcaller": "0x009fccb9",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "1828"
              },
              {
                "name": "Module",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "Return Address",
                "value": "0x772833ec"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009fba8b",
            "parentcaller": "0x009fccb9",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000230"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009fba8b",
            "parentcaller": "0x009fccb9",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000230"
              },
              {
                "name": "ValueName",
                "value": "ru-RU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009fba8b",
            "parentcaller": "0x009fccb9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009fba8b",
            "parentcaller": "0x009fccb9",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000230"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009fba8b",
            "parentcaller": "0x009fccb9",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000230"
              },
              {
                "name": "ValueName",
                "value": "ru-RU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009fba8b",
            "parentcaller": "0x009fccb9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009fba8b",
            "parentcaller": "0x009fccb9",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000234"
              },
              {
                "name": "ValueName",
                "value": "ru-RU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009fba8b",
            "parentcaller": "0x009fccb9",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000234"
              },
              {
                "name": "ValueName",
                "value": "ru"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{0000004A-57EE-1E5C-00B4-D0000BB1E11E}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009fb540",
            "parentcaller": "0x009fd938",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\schtasks.exe"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009fcbe8",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009fcbe8",
            "parentcaller": "0x009fd9ab",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\schtasks.exe"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009fcbe8",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x0000001e"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "42"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1828"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000224"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000023c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000224"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000023c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75250000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7525c000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75259000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75259000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75259000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000224"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75259000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-04-27 21:05:56,682",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\kernel.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x75250000"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0xffffffffca4da801",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\kernel.appcore"
              },
              {
                "name": "BaseAddress",
                "value": "0x75250000"
              },
              {
                "name": "InitRoutine",
                "value": "0x752547e0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000022c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "bcryptPrimitives.dll"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000022c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76d80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0005f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76dda000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76dda000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76dda000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76dda000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives"
              },
              {
                "name": "DllBase",
                "value": "0x76d80000"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000240"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000240"
              },
              {
                "name": "ValueName",
                "value": "STE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000240"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000240"
              },
              {
                "name": "ValueName",
                "value": "Enabled"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000244"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000244"
              },
              {
                "name": "ValueName",
                "value": "FipsAlgorithmPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000240"
              },
              {
                "name": "ValueName",
                "value": "MDMEnabled"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000244"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000244"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\Device\\CNG"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x00000244"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390008",
                "pretty_value": "IOCTL_KSEC_RANDOM_FILL_BUFFER"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "+8\\x7f}\\x05C\\x8d\\x06#\\xb23\\xd2N8\\xc4\\xc1\\xd6\\xbdiVj\\xc1Wz/\\x18O\\xe5\\xddP\\xd6JU;r\\xff-M\\x87=\\xf2\\xcfW\\x07\\xfa\\x84Qi"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\bcryptprimitives"
              },
              {
                "name": "BaseAddress",
                "value": "0x76d80000"
              },
              {
                "name": "InitRoutine",
                "value": "0x76db36c0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769b1000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769b1000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fd5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77e724f0"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77eb40c0"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77e70780"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77ea52e0"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "164"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000250"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000250"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000250"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000250"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 126
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000250"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000011c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000250"
              },
              {
                "name": "ValueName",
                "value": "RaiseActivationAuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xc5\\xae\\x02\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\xcc\\xc5\\xae\\x02\\x00\\x00\\x00\\x00\\x80\\xc5\\xae\\x02\\xc3\\xd8\\xbewP\\x02\\x00\\x00\\x12\\x00\\x00\\x00\\x98\\xc5\\xae\\x02\\x04\\x00\\x00\\x00|\\xc5\\xae\\x02P\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\xa8\\xc5\\xae\\x02/\\xd8\\xbew\\x00\\xc6\\xae\\x02\\x00\\x00\\x00\\x00\\xf0\\xc5\\xae\\x02"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000254"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\User\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000256"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-04-27 21:05:56,713",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000256"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-04-27 21:05:56,728",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000256"
              },
              {
                "name": "ObjectAttributesName",
                "value": "AppID\\schtasks.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\schtasks.exe"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-04-27 21:05:56,728",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\AppID\\schtasks.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\AppID\\schtasks.exe"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-04-27 21:05:56,728",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000256"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-04-27 21:05:56,728",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000256"
              },
              {
                "name": "ObjectAttributesName",
                "value": "AppID\\schtasks.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\schtasks.exe"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-04-27 21:05:56,728",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\AppID\\schtasks.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\AppID\\schtasks.exe"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-04-27 21:05:56,728",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xc9\\xae\\x02\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x80%w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xca\\xae\\x02\\x8b\\x7f%wP\\x02\\x00\\x00ls\\x043\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-04-27 21:05:56,728",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-04-27 21:05:56,728",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-04-27 21:05:56,728",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-04-27 21:05:56,728",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fd9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-04-27 21:05:56,728",
            "thread_id": "1828",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-04-27 21:05:59,260",
            "thread_id": "1828",
            "caller": "0x009f5c2a",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\clbcatq"
              },
              {
                "name": "DllBase",
                "value": "0x77400000"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-04-27 21:05:59,260",
            "thread_id": "1828",
            "caller": "0x009f5c2a",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\taskschd"
              },
              {
                "name": "DllBase",
                "value": "0x75180000"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-04-27 21:05:59,291",
            "thread_id": "1828",
            "caller": "0x009f5c2a",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\taskschd.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75180000"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-04-27 21:05:59,291",
            "thread_id": "1828",
            "caller": "0x009f5c2a",
            "parentcaller": "0x009e8e7b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0F87369F-A4E5-4CFC-BD3E-73E6154572DD"
              },
              {
                "name": "ClsContext",
                "value": "0x00000017",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "2FABA4C7-4DA9-4013-9697-20CC3FD40F85"
              },
              {
                "name": "ProgID",
                "value": "Schedule.Service.1"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-04-27 21:05:59,291",
            "thread_id": "1828",
            "caller": "0x009f5ddf",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x760ed000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-04-27 21:05:59,291",
            "thread_id": "1828",
            "caller": "0x009f5ddf",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x760ed000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-04-27 21:05:59,291",
            "thread_id": "1828",
            "caller": "0x009f5ddf",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x751e9000"
              },
              {
                "name": "ModuleName",
                "value": "taskschd.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-04-27 21:05:59,291",
            "thread_id": "1828",
            "caller": "0x009f5ddf",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x751e9000"
              },
              {
                "name": "ModuleName",
                "value": "taskschd.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-04-27 21:05:59,291",
            "thread_id": "1828",
            "caller": "0x009f5ddf",
            "parentcaller": "0x009e8e7b",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\xc4\\x02,\\x0f\\x00\\x00$\\x07\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1828"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-04-27 21:05:59,291",
            "thread_id": "1828",
            "caller": "0x009f5ddf",
            "parentcaller": "0x009e8e7b",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00`\\xc4\\x02,\\x0f\\x00\\x00$\\x07\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "1828"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-04-27 21:05:59,291",
            "thread_id": "1828",
            "caller": "0x009f5ddf",
            "parentcaller": "0x009e8e7b",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-04-27 21:05:59,338",
            "thread_id": "1828",
            "caller": "0x009f5ddf",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fdb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-04-27 21:05:59,338",
            "thread_id": "1828",
            "caller": "0x009f5ddf",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-04-27 21:05:59,369",
            "thread_id": "1828",
            "caller": "0x009e8375",
            "parentcaller": "0x009e8ed2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000260"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-04-27 21:05:59,369",
            "thread_id": "1828",
            "caller": "0x009eb3df",
            "parentcaller": "0x009e83b4",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000260"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-04-27 21:05:59,369",
            "thread_id": "1828",
            "caller": "0x009eb43e",
            "parentcaller": "0x009e83b4",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000260"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp"
              },
              {
                "name": "Buffer",
                "value": "<?"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-04-27 21:05:59,369",
            "thread_id": "1828",
            "caller": "0x009eb4be",
            "parentcaller": "0x009e83b4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000260"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-04-27 21:05:59,369",
            "thread_id": "1828",
            "caller": "0x009eb4e3",
            "parentcaller": "0x009e83b4",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000260"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp"
              },
              {
                "name": "Buffer",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo />\r\n  <Triggers />\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <LogonType>InteractiveToken</LogonType>\r"
              },
              {
                "name": "Length",
                "value": "1304"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-04-27 21:05:59,369",
            "thread_id": "1828",
            "caller": "0x009eb970",
            "parentcaller": "0x009eba21",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fdc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-04-27 21:05:59,369",
            "thread_id": "1828",
            "caller": "0x009eb9d0",
            "parentcaller": "0x009eba5e",
            "category": "misc",
            "api": "VarBstrCat",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "bstrLeft",
                "value": ""
              },
              {
                "name": "bstrRight",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo />\r\n  <Triggers />\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>4</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Author\">\r\n    <Exec>\r\n      <Command>\"C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe\"</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>"
              },
              {
                "name": "pbstrResult",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo />\r\n  <Triggers />\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>4</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Author\">\r\n    <Exec>\r\n      <Command>\"C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe\"</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-04-27 21:05:59,369",
            "thread_id": "1828",
            "caller": "0x009e83f0",
            "parentcaller": "0x009e8ed2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-04-27 21:05:59,369",
            "thread_id": "1828",
            "caller": "0x009e862e",
            "parentcaller": "0x009e8ed2",
            "category": "misc",
            "api": "VarBstrCat",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "bstrLeft",
                "value": "DESKTOP-PC01\\"
              },
              {
                "name": "bstrRight",
                "value": "cape"
              },
              {
                "name": "pbstrResult",
                "value": "DESKTOP-PC01\\cape"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-04-27 21:05:59,603",
            "thread_id": "1828",
            "caller": "0x009fc7d0",
            "parentcaller": "0x009fe476",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x02fde000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-04-27 21:05:59,603",
            "thread_id": "1828",
            "caller": "0x009fbde8",
            "parentcaller": "0x009fc03c",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x98\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x10\\x00@\\xc6\\xae\\x02\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00 \\x00\\x00\\x00H\\xc6\\xae\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-04-27 21:05:59,603",
            "thread_id": "1828",
            "caller": "0x009fc099",
            "parentcaller": "0x009e8763",
            "category": "system",
            "api": "WriteConsoleW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ConsoleHandle",
                "value": "0x00000098"
              },
              {
                "name": "Buffer",
                "value": "\\x423\\x421\\x41f\\x415\\x425. \\x417\\x430\\x43f\\x43b\\x430\\x43d\\x438\\x440\\x43e\\x432\\x430\\x43d\\x43d\\x430\\x44f \\x437\\x430\\x434\\x430\\x447\\x430 \"WAN Manager\" \\x431\\x44b\\x43b\\x430 \\x443\\x441\\x43f\\x435\\x448\\x43d\\x43e \\x441\\x43e\\x437\\x434\\x430\\x43d\\x430.\n"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-04-27 21:05:59,603",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x04961d08"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-04-27 21:05:59,603",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitCode",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04a80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000026c"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000244"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000022c"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e8"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ec"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e4"
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001dc"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001bc"
              }
            ],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001c0"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001b8"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001a0"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001a4"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001a8"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ac"
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001b0"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001b4"
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77122000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77122000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000198"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000019c"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000194"
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77e9f5a0"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000178"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000017c"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000180"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000184"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000188"
              }
            ],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000190"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000018c"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000158"
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000015c"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000154"
              }
            ],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000150"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000148"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000014c"
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000144"
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000140"
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000013c"
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025e"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000120"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000124"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000f0"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000f4"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000f8"
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f8"
              },
              {
                "name": "ValueName",
                "value": "DisableMetaFiles"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles"
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000f8"
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f8"
              },
              {
                "name": "ValueName",
                "value": "DisableUmpdBufferSizeCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableUmpdBufferSizeCheck"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000f8"
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77e9f5a0"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000ec"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000e8"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000e0"
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77e9f5a0"
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f8"
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d4"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000a0"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000b0"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000b4"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-04-27 21:05:59,650",
            "thread_id": "1828",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ExitCode",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 242
          }
        ],
        "threads": [
          "1828",
          "6516",
          "3900",
          "7492",
          "7120"
        ],
        "environ": {
          "UserName": "cape",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
          "CommandLine": "\"schtasks.exe\" /create /f /tn \"WAN Manager\" /xml \"C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp\"",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x009e0000",
          "MainExeSize": "0x00032000",
          "Bitness": "32-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 1052,
        "process_name": "svchost.exe",
        "parent_id": 632,
        "module_path": "C:\\Windows\\System32\\svchost.exe",
        "first_seen": "2026-04-27 21:05:57,057",
        "calls": [
          {
            "timestamp": "2026-04-27 21:05:59,369",
            "thread_id": "5400",
            "caller": "0x7ffefc60028c",
            "parentcaller": "0x7ffefe5c4b63",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-04-27 21:05:59,400",
            "thread_id": "5400",
            "caller": "0x7ffef786eeb9",
            "parentcaller": "0x7ffef784467c",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Tasks\\WAN Manager.job"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-04-27 21:05:59,400",
            "thread_id": "5400",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000708"
              },
              {
                "name": "DesiredAccess",
                "value": "0x40100080",
                "pretty_value": "GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Tasks\\WAN Manager"
              },
              {
                "name": "CreateDisposition",
                "value": "3",
                "pretty_value": "FILE_OPEN_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-04-27 21:05:59,400",
            "thread_id": "5400",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000007f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-04-27 21:05:59,400",
            "thread_id": "5400",
            "caller": "0x7ffefc617cdd",
            "parentcaller": "0x7ffef7944d0e",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000708"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\Tasks\\WAN Manager"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-04-27 21:05:59,416",
            "thread_id": "5400",
            "caller": "0x7ffefc617d12",
            "parentcaller": "0x7ffef7944d0e",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000708"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\Tasks\\WAN Manager"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-04-27 21:05:59,525",
            "thread_id": "5400",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000668"
              },
              {
                "name": "DesiredAccess",
                "value": "0x42100080",
                "pretty_value": "GENERIC_WRITE|MAXIMUM_ALLOWED|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Tasks\\WAN Manager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-04-27 21:05:59,541",
            "thread_id": "5400",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000007f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-04-27 21:05:59,588",
            "thread_id": "5400",
            "caller": "0x7ffefc60028c",
            "parentcaller": "0x7ffefac74d61",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x00000668"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000708"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 8
          },
          {
            "timestamp": "2026-04-27 21:05:59,588",
            "thread_id": "5400",
            "caller": "0x7ffefac74f57",
            "parentcaller": "0x7ffefac74c79",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000007fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Tasks\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-04-27 21:06:02,119",
            "thread_id": "5400",
            "caller": "0x7ffef786eeb9",
            "parentcaller": "0x7ffef784467c",
            "category": "filesystem",
            "api": "DeleteFileW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Tasks\\WAN Manager Task.job"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-04-27 21:06:02,135",
            "thread_id": "5400",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x40100080",
                "pretty_value": "GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Tasks\\WAN Manager Task"
              },
              {
                "name": "CreateDisposition",
                "value": "3",
                "pretty_value": "FILE_OPEN_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-04-27 21:06:02,135",
            "thread_id": "5400",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000007e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-04-27 21:06:02,135",
            "thread_id": "5400",
            "caller": "0x7ffefc617cdd",
            "parentcaller": "0x7ffef7944d0e",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006f4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\Tasks\\WAN Manager Task"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-04-27 21:06:02,135",
            "thread_id": "5400",
            "caller": "0x7ffefc617d12",
            "parentcaller": "0x7ffef7944d0e",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006f4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\Tasks\\WAN Manager Task"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-04-27 21:06:02,182",
            "thread_id": "5400",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000007e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x42100080",
                "pretty_value": "GENERIC_WRITE|MAXIMUM_ALLOWED|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Tasks\\WAN Manager Task"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-04-27 21:06:02,182",
            "thread_id": "5400",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-04-27 21:06:02,182",
            "thread_id": "5400",
            "caller": "0x7ffefc60028c",
            "parentcaller": "0x7ffefac74d61",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000007e4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006f4"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17
          },
          {
            "timestamp": "2026-04-27 21:06:02,182",
            "thread_id": "5400",
            "caller": "0x7ffefac74f57",
            "parentcaller": "0x7ffefac74c79",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000007dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Tasks\\"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-04-27 21:06:18,244",
            "thread_id": "3400",
            "caller": "0x7ffefc62cd80",
            "parentcaller": "0x7ffef78f7a65",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000798"
              },
              {
                "name": "ExitCode",
                "value": "0x0000042b"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-04-27 21:06:34,478",
            "thread_id": "3400",
            "caller": "0x7ffefc62cd80",
            "parentcaller": "0x7ffef78f7a65",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000724"
              },
              {
                "name": "ExitCode",
                "value": "0x0000042b"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-04-27 21:07:01,307",
            "thread_id": "1384",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000718"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\sppc.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-04-27 21:07:01,307",
            "thread_id": "1384",
            "caller": "0x7ffefc5d8b66",
            "parentcaller": "0x7ffefc5dadd0",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b1f4de0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00020000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-04-27 21:07:01,307",
            "thread_id": "1384",
            "caller": "0x7ffefe89bb6a",
            "parentcaller": "0x7ffefe89b9de",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\sppc.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-04-27 21:07:01,307",
            "thread_id": "1384",
            "caller": "0x7ffefe89bc0c",
            "parentcaller": "0x7ffefe89b9de",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000718"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b1f50a0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x536727ccc0"
              },
              {
                "name": "ViewSize",
                "value": "0x00019000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-04-27 21:07:01,307",
            "thread_id": "1384",
            "caller": "0x7ffefe8ba7e1",
            "parentcaller": "0x7ffefc5c5e19",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b1f50a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-04-27 21:07:01,307",
            "thread_id": "1384",
            "caller": "0x7ffefc5c5e4e",
            "parentcaller": "0x7ffef794bdad",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b1f4de0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-04-27 21:07:01,307",
            "thread_id": "1384",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\sppc.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-04-27 21:07:01,307",
            "thread_id": "1384",
            "caller": "0x7ffefc5d8b66",
            "parentcaller": "0x7ffefc5dadd0",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000718"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b1f4de0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00020000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-04-27 21:07:01,307",
            "thread_id": "1384",
            "caller": "0x7ffefe89bb6a",
            "parentcaller": "0x7ffefe89b9de",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000718"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\sppc.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-04-27 21:07:01,307",
            "thread_id": "1384",
            "caller": "0x7ffefe89bc0c",
            "parentcaller": "0x7ffefe89b9de",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b1f50a0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x536727ccc0"
              },
              {
                "name": "ViewSize",
                "value": "0x00019000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-04-27 21:07:01,307",
            "thread_id": "1384",
            "caller": "0x7ffefe8ba7e1",
            "parentcaller": "0x7ffefc5c5e19",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b1f50a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-04-27 21:07:01,307",
            "thread_id": "1384",
            "caller": "0x7ffefc5c5e4e",
            "parentcaller": "0x7ffef794bdad",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b1f4de0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-04-27 21:07:01,307",
            "thread_id": "1384",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000718"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\sppc.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-04-27 21:07:01,307",
            "thread_id": "1384",
            "caller": "0x7ffefc5d8b66",
            "parentcaller": "0x7ffefc5dadd0",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b1f4de0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00020000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-04-27 21:07:01,307",
            "thread_id": "1384",
            "caller": "0x7ffefe89bb6a",
            "parentcaller": "0x7ffefe89b9de",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\sppc.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-04-27 21:07:01,307",
            "thread_id": "1384",
            "caller": "0x7ffefe89bc0c",
            "parentcaller": "0x7ffefe89b9de",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000718"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b1f50a0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x536727ccc0"
              },
              {
                "name": "ViewSize",
                "value": "0x00019000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-04-27 21:07:01,307",
            "thread_id": "1384",
            "caller": "0x7ffefe8ba7e1",
            "parentcaller": "0x7ffefc5c5e19",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b1f50a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-04-27 21:07:01,307",
            "thread_id": "1384",
            "caller": "0x7ffefc5c5e4e",
            "parentcaller": "0x7ffef794bdad",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x1b1f4de0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-04-27 21:07:01,400",
            "thread_id": "1384",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000724"
              },
              {
                "name": "DesiredAccess",
                "value": "0x40100080",
                "pretty_value": "GENERIC_WRITE|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask"
              },
              {
                "name": "CreateDisposition",
                "value": "3",
                "pretty_value": "FILE_OPEN_IF"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-04-27 21:07:01,400",
            "thread_id": "1384",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000690"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-04-27 21:07:01,400",
            "thread_id": "1384",
            "caller": "0x7ffefc617cdd",
            "parentcaller": "0x7ffef7944d0e",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000724"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask"
              },
              {
                "name": "FileInformationClass",
                "value": "20",
                "pretty_value": "FileEndOfFileInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-04-27 21:07:01,400",
            "thread_id": "1384",
            "caller": "0x7ffefc617d12",
            "parentcaller": "0x7ffef7944d0e",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000724"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask"
              },
              {
                "name": "FileInformationClass",
                "value": "19",
                "pretty_value": "FileAllocationInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-04-27 21:07:01,494",
            "thread_id": "1384",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000007e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x42100080",
                "pretty_value": "GENERIC_WRITE|MAXIMUM_ALLOWED|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-04-27 21:07:01,494",
            "thread_id": "1384",
            "caller": "0x7ffefc5da070",
            "parentcaller": "0x7ffefc5d9d96",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000724"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100080",
                "pretty_value": "FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\??\\MountPointManager"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-04-27 21:07:01,494",
            "thread_id": "1384",
            "caller": "0x7ffefc60028c",
            "parentcaller": "0x7ffefac74d61",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000007e4"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000724"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 45
          }
        ],
        "threads": [
          "5400",
          "3400",
          "1384"
        ],
        "environ": {
          "UserName": "СИСТЕМА",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Windows\\TEMP\\",
          "CommandLine": "C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff7ab6e0000",
          "MainExeSize": "0x00010000",
          "Bitness": "64-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      },
      {
        "process_id": 3200,
        "process_name": "schtasks.exe",
        "parent_id": 6648,
        "module_path": "C:\\Windows\\SysWOW64\\schtasks.exe",
        "first_seen": "2026-04-27 21:06:01,147",
        "calls": [
          {
            "timestamp": "2026-04-27 21:06:01,788",
            "thread_id": "7412",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-04-27 21:06:01,788",
            "thread_id": "7412",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-04-27 21:06:01,788",
            "thread_id": "6048",
            "caller": "0x77e91c0e",
            "parentcaller": "0x77e8dbb1",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000007c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 3,
            "id": 2
          },
          {
            "timestamp": "2026-04-27 21:06:01,788",
            "thread_id": "4788",
            "caller": "0x77267322",
            "parentcaller": "0x77267238",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xf2\\xeb\\x04\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\xf2\\xeb\\x04\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-04-27 21:06:01,866",
            "thread_id": "7412",
            "caller": "0x00a0022a",
            "parentcaller": "0x00a002de",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04df3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-04-27 21:06:01,866",
            "thread_id": "7412",
            "caller": "0x00a0022a",
            "parentcaller": "0x00a002de",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04df4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-04-27 21:06:01,866",
            "thread_id": "7412",
            "caller": "0x009fb540",
            "parentcaller": "0x009fd938",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-04-27 21:06:01,866",
            "thread_id": "4788",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04df5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-04-27 21:06:01,866",
            "thread_id": "4788",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04df7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-04-27 21:06:01,866",
            "thread_id": "4788",
            "caller": "0x77e7138f",
            "parentcaller": "0x77e7110a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000234"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-04-27 21:06:01,866",
            "thread_id": "4788",
            "caller": "0x77e713ac",
            "parentcaller": "0x77e7110a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000234"
              },
              {
                "name": "ValueName",
                "value": "ResourcePolicies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies"
              }
            ],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-04-27 21:06:01,866",
            "thread_id": "4788",
            "caller": "0x77e713c2",
            "parentcaller": "0x77e7110a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-04-27 21:06:01,866",
            "thread_id": "4788",
            "caller": "0x77e6f04b",
            "parentcaller": "0x77e6ef40",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04de0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-04-27 21:06:01,866",
            "thread_id": "4788",
            "caller": "0x77e6f092",
            "parentcaller": "0x77e6ef40",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04de0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-04-27 21:06:01,866",
            "thread_id": "4788",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-04-27 21:06:01,866",
            "thread_id": "4788",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-04-27 21:06:01,866",
            "thread_id": "7412",
            "caller": "0x009fafaa",
            "parentcaller": "0x009f59e7",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x10\\x00\\x00\\x00<\\xf3\\xf3\\x02\\x08\\xf4\\xf3\\x02\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\xf4\\xf3\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-04-27 21:06:01,866",
            "thread_id": "7412",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-04-27 21:06:01,866",
            "thread_id": "7412",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\schtasks.exe"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-04-27 21:06:01,866",
            "thread_id": "7412",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-04-27 21:06:01,866",
            "thread_id": "7412",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-04-27 21:06:01,866",
            "thread_id": "7412",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000110"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-04-27 21:06:01,866",
            "thread_id": "7412",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000110"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-04-27 21:06:01,866",
            "thread_id": "7412",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000110"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-04-27 21:06:01,866",
            "thread_id": "7412",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000110"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-04-27 21:06:01,882",
            "thread_id": "7412",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000110"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\schtasks.exe.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-04-27 21:06:01,882",
            "thread_id": "7412",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000234"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000110"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\schtasks.exe.mui"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-04-27 21:06:01,882",
            "thread_id": "7412",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000234"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x02f3e610"
              },
              {
                "name": "ViewSize",
                "value": "0x00019000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-04-27 21:06:01,882",
            "thread_id": "7412",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-04-27 21:06:01,882",
            "thread_id": "7412",
            "caller": "0x009fcbe8",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-04-27 21:06:01,882",
            "thread_id": "7412",
            "caller": "0x009fcbe8",
            "parentcaller": "0x009fd9ab",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\schtasks.exe"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-04-27 21:06:01,882",
            "thread_id": "7412",
            "caller": "0x009fcbe8",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-04-27 21:06:01,882",
            "thread_id": "7412",
            "caller": "0x009fcc04",
            "parentcaller": "0x009fd9ab",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000d0"
              },
              {
                "name": "ValueName",
                "value": "000603xx"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "kernel32.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-04-27 21:06:01,882",
            "thread_id": "7412",
            "caller": "0x009fcc04",
            "parentcaller": "0x009fd9ab",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76ab0000"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-04-27 21:06:01,882",
            "thread_id": "7412",
            "caller": "0x009fcc04",
            "parentcaller": "0x009fd9ab",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "SortGetHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ace880"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-04-27 21:06:01,882",
            "thread_id": "7412",
            "caller": "0x009fcc04",
            "parentcaller": "0x009fd9ab",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76ab0000"
              },
              {
                "name": "FunctionName",
                "value": "SortCloseHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76ac97e0"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-04-27 21:06:01,882",
            "thread_id": "7412",
            "caller": "0x009fcc04",
            "parentcaller": "0x009fd9ab",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000234"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-04-27 21:06:01,882",
            "thread_id": "7412",
            "caller": "0x009fcc04",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000230"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000234"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-04-27 21:06:01,882",
            "thread_id": "7412",
            "caller": "0x009fcc04",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000230"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x065a0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x02f3f2ac"
              },
              {
                "name": "ViewSize",
                "value": "0x00338000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-04-27 21:06:01,882",
            "thread_id": "7412",
            "caller": "0x009fcc04",
            "parentcaller": "0x009fd9ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-04-27 21:06:01,882",
            "thread_id": "7412",
            "caller": "0x009fcc04",
            "parentcaller": "0x009fd9ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000234"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-04-27 21:06:01,882",
            "thread_id": "7412",
            "caller": "0x009fcc04",
            "parentcaller": "0x009fd9ab",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000234"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-04-27 21:06:01,882",
            "thread_id": "7412",
            "caller": "0x009fba8b",
            "parentcaller": "0x009fccb9",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf9\\xa3\\x13\\x00\\x00\\x00\\x00\\x00\\xcc\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x94\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\xa6\\x04\\x0f\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-04-27 21:06:01,913",
            "thread_id": "7412",
            "caller": "0x009fba8b",
            "parentcaller": "0x009fccb9",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "7412"
              },
              {
                "name": "Module",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "Return Address",
                "value": "0x772833ec"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-04-27 21:06:01,929",
            "thread_id": "6048",
            "caller": "0x77267322",
            "parentcaller": "0x77267238",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\xae\\xebw\\xa8\\xf6\\xe3\\x04\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\xfe\\xff\\xff\\xff\\xb0\\xf6\\xe3\\x04\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-04-27 21:06:01,929",
            "thread_id": "6048",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x033d1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-04-27 21:06:01,929",
            "thread_id": "6048",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04df9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-04-27 21:06:01,929",
            "thread_id": "6048",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-04-27 21:06:01,929",
            "thread_id": "6048",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-04-27 21:06:01,929",
            "thread_id": "7752",
            "caller": "0x77267322",
            "parentcaller": "0x77267238",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00(\\xf1\\xd7\\x04\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\xfe\\xff\\xff\\xff0\\xf1\\xd7\\x04\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-04-27 21:06:01,929",
            "thread_id": "7752",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-04-27 21:06:01,929",
            "thread_id": "7752",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-04-27 21:06:01,929",
            "thread_id": "4424",
            "caller": "0x77267322",
            "parentcaller": "0x77267238",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": false,
            "return": "0xffffffffc00700bb",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xf1\\xcf\\x04\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\xfe\\xff\\xff\\xffP\\xf1\\xcf\\x04\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-04-27 21:06:01,929",
            "thread_id": "4424",
            "caller": "0x77e80857",
            "parentcaller": "0x77e8055f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x033d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-04-27 21:06:01,929",
            "thread_id": "4424",
            "caller": "0x77ea64d6",
            "parentcaller": "0x77ea63e1",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-04-27 21:06:01,929",
            "thread_id": "4424",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009fba8b",
            "parentcaller": "0x009fccb9",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000230"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009fba8b",
            "parentcaller": "0x009fccb9",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000230"
              },
              {
                "name": "ValueName",
                "value": "ru-RU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009fba8b",
            "parentcaller": "0x009fccb9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009fba8b",
            "parentcaller": "0x009fccb9",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000230"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009fba8b",
            "parentcaller": "0x009fccb9",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000230"
              },
              {
                "name": "ValueName",
                "value": "ru-RU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009fba8b",
            "parentcaller": "0x009fccb9",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000230"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009fba8b",
            "parentcaller": "0x009fccb9",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000234"
              },
              {
                "name": "ValueName",
                "value": "ru-RU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009fba8b",
            "parentcaller": "0x009fccb9",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000234"
              },
              {
                "name": "ValueName",
                "value": "ru"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{0000004A-57EE-1E5C-00B4-D0000BB1E11E}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009fb540",
            "parentcaller": "0x009fd938",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\schtasks.exe"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009fcb95",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009fcbe8",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009fcbe8",
            "parentcaller": "0x009fd9ab",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\schtasks.exe"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009fcbe8",
            "parentcaller": "0x009fd9ab",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x0000001e"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "42"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7412"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000228"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\kernel.appcore.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000023c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000228"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\kernel.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000023c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75250000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7525c000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75259000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-04-27 21:06:01,944",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75259000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-04-27 21:06:01,960",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-04-27 21:06:01,960",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-04-27 21:06:01,960",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75259000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-04-27 21:06:01,960",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-04-27 21:06:01,960",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000228"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-04-27 21:06:01,960",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75259000"
              },
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-04-27 21:06:01,960",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\kernel.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x75250000"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-04-27 21:06:01,991",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x6cab6c01",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\kernel.appcore"
              },
              {
                "name": "BaseAddress",
                "value": "0x75250000"
              },
              {
                "name": "InitRoutine",
                "value": "0x752547e0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-04-27 21:06:01,991",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-04-27 21:06:01,991",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-04-27 21:06:01,991",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000240"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "bcryptPrimitives.dll"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-04-27 21:06:01,991",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000240"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76d80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0005f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-04-27 21:06:01,991",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76dda000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-04-27 21:06:01,991",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76dda000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-04-27 21:06:01,991",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-04-27 21:06:01,991",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77f69000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-04-27 21:06:01,991",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76dda000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-04-27 21:06:01,991",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-04-27 21:06:01,991",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76dda000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-04-27 21:06:01,991",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives"
              },
              {
                "name": "DllBase",
                "value": "0x76d80000"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000248"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000248"
              },
              {
                "name": "ValueName",
                "value": "STE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000248"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000248"
              },
              {
                "name": "ValueName",
                "value": "Enabled"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000024c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000024c"
              },
              {
                "name": "ValueName",
                "value": "FipsAlgorithmPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000248"
              },
              {
                "name": "ValueName",
                "value": "MDMEnabled"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000024c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\Device\\CNG"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000024c"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390008",
                "pretty_value": "IOCTL_KSEC_RANDOM_FILL_BUFFER"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "\\x8cU\"\\xfc\\xb2\\x96f\\x1d+\\x17\\xb8K\\xe3S\\x03\\x94\\x86\\xf6w\\xf9\\x99\\x9c\\x9c.+\\x0e\\x1e\\xb4\\xf5.Q|\\x1e\\xe7\\xb7j\\xb63*\\xadX\\x9b\\xda\\xa7|L\\x81\\xc0"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume1\\Windows\\SysWOW64\\bcryptprimitives"
              },
              {
                "name": "BaseAddress",
                "value": "0x76d80000"
              },
              {
                "name": "InitRoutine",
                "value": "0x76db36c0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769b1000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769b1000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5bc7",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x033d5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77e724f0"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77eb40c0"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77e70780"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77ea52e0"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "164"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000258"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000258"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000258"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000258"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 133
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000258"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000118"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000258"
              },
              {
                "name": "ValueName",
                "value": "RaiseActivationAuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000258"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xc7\\xf3\\x02\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x004\\xc8\\xf3\\x02\\x00\\x00\\x00\\x00\\xe8\\xc7\\xf3\\x02\\xc3\\xd8\\xbewX\\x02\\x00\\x00\\x12\\x00\\x00\\x00\\x00\\xc8\\xf3\\x02\\x04\\x00\\x00\\x00\\xe4\\xc7\\xf3\\x02X\\x02\\x00\\x00\\x04\\x00\\x00\\x00\\x10\\xc8\\xf3\\x02/\\xd8\\xbewh\\xc8\\xf3\\x02\\x00\\x00\\x00\\x00X\\xc8\\xf3\\x02"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000025c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\User\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000025e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000025e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000025e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "AppID\\schtasks.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\schtasks.exe"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\AppID\\schtasks.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\AppID\\schtasks.exe"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000025e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3749840076-4109591986-3192690632-1000_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000025e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "AppID\\schtasks.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\schtasks.exe"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\AppID\\schtasks.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\AppID\\schtasks.exe"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf8\\xcb\\xf3\\x02\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xcc\\x04\\x82\\xdf\\xb2e\\xf3\\xf4\\xc8\\x97L\\xbe\\xe8\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x80%w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00h\\xcc\\xf3\\x02\\x8b\\x7f%wX\\x02\\x00\\x00@\\x98\\xf9\\x95\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77d97000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x033d9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-04-27 21:06:02,007",
            "thread_id": "7412",
            "caller": "0x009f5be1",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000260"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-04-27 21:06:02,038",
            "thread_id": "7412",
            "caller": "0x009f5c2a",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\clbcatq"
              },
              {
                "name": "DllBase",
                "value": "0x77400000"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-04-27 21:06:02,054",
            "thread_id": "7412",
            "caller": "0x009f5c2a",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\taskschd"
              },
              {
                "name": "DllBase",
                "value": "0x75180000"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-04-27 21:06:02,069",
            "thread_id": "7412",
            "caller": "0x009f5c2a",
            "parentcaller": "0x009e8e7b",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\taskschd.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75180000"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-04-27 21:06:02,085",
            "thread_id": "7412",
            "caller": "0x009f5c2a",
            "parentcaller": "0x009e8e7b",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0F87369F-A4E5-4CFC-BD3E-73E6154572DD"
              },
              {
                "name": "ClsContext",
                "value": "0x00000017",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER"
              },
              {
                "name": "riid",
                "value": "2FABA4C7-4DA9-4013-9697-20CC3FD40F85"
              },
              {
                "name": "ProgID",
                "value": "Schedule.Service.1"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-04-27 21:06:02,085",
            "thread_id": "7412",
            "caller": "0x009f5ddf",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x760ed000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-04-27 21:06:02,085",
            "thread_id": "7412",
            "caller": "0x009f5ddf",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x760ed000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-04-27 21:06:02,085",
            "thread_id": "7412",
            "caller": "0x009f5ddf",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x751e9000"
              },
              {
                "name": "ModuleName",
                "value": "taskschd.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-04-27 21:06:02,085",
            "thread_id": "7412",
            "caller": "0x009f5ddf",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x751e9000"
              },
              {
                "name": "ModuleName",
                "value": "taskschd.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-04-27 21:06:02,085",
            "thread_id": "7412",
            "caller": "0x009f5ddf",
            "parentcaller": "0x009e8e7b",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xb0\\x1a\\x03\\x80\\x0c\\x00\\x00\\xf4\\x1c\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "7412"
              }
            ],
            "repeated": 1,
            "id": 164
          },
          {
            "timestamp": "2026-04-27 21:06:02,085",
            "thread_id": "7412",
            "caller": "0x009f5ddf",
            "parentcaller": "0x009e8e7b",
            "category": "misc",
            "api": "GetComputerNameW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ComputerName",
                "value": "DESKTOP-PC01"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-04-27 21:06:02,100",
            "thread_id": "7412",
            "caller": "0x009f5ddf",
            "parentcaller": "0x009e8e7b",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-04-27 21:06:02,100",
            "thread_id": "7412",
            "caller": "0x009e8375",
            "parentcaller": "0x009e8ed2",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000023c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-04-27 21:06:02,100",
            "thread_id": "7412",
            "caller": "0x009eb3df",
            "parentcaller": "0x009e83b4",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000023c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x1c\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-04-27 21:06:02,100",
            "thread_id": "7412",
            "caller": "0x009eb43e",
            "parentcaller": "0x009e83b4",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000023c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp"
              },
              {
                "name": "Buffer",
                "value": "<?"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-04-27 21:06:02,116",
            "thread_id": "7412",
            "caller": "0x009eb4be",
            "parentcaller": "0x009e83b4",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000023c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-04-27 21:06:02,116",
            "thread_id": "7412",
            "caller": "0x009eb4e3",
            "parentcaller": "0x009e83b4",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000023c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp"
              },
              {
                "name": "Buffer",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo />\r\n  <Triggers />\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <LogonType>InteractiveToken</LogonType>\r"
              },
              {
                "name": "Length",
                "value": "1308"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-04-27 21:06:02,116",
            "thread_id": "7412",
            "caller": "0x009eb970",
            "parentcaller": "0x009eba21",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x033db000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-04-27 21:06:02,116",
            "thread_id": "7412",
            "caller": "0x009eb9d0",
            "parentcaller": "0x009eba5e",
            "category": "misc",
            "api": "VarBstrCat",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "bstrLeft",
                "value": ""
              },
              {
                "name": "bstrRight",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo />\r\n  <Triggers />\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>4</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Author\">\r\n    <Exec>\r\n      <Command>\"C:\\Program Files (x86)\\WAN Manager\\wanmgr.exe\"</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>"
              },
              {
                "name": "pbstrResult",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo />\r\n  <Triggers />\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>4</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Author\">\r\n    <Exec>\r\n      <Command>\"C:\\Program Files (x86)\\WAN Manager\\wanmgr.exe\"</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-04-27 21:06:02,116",
            "thread_id": "7412",
            "caller": "0x009e83f0",
            "parentcaller": "0x009e8ed2",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000023c"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-04-27 21:06:02,116",
            "thread_id": "7412",
            "caller": "0x009e862e",
            "parentcaller": "0x009e8ed2",
            "category": "misc",
            "api": "VarBstrCat",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "bstrLeft",
                "value": "DESKTOP-PC01\\"
              },
              {
                "name": "bstrRight",
                "value": "cape"
              },
              {
                "name": "pbstrResult",
                "value": "DESKTOP-PC01\\cape"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-04-27 21:06:02,179",
            "thread_id": "7412",
            "caller": "0x009fc7d0",
            "parentcaller": "0x009fe476",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x033dd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-04-27 21:06:02,179",
            "thread_id": "7412",
            "caller": "0x009fbde8",
            "parentcaller": "0x009fc03c",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000088"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\ConDrv"
              },
              {
                "name": "IoControlCode",
                "value": "0x00500016"
              },
              {
                "name": "InputBuffer",
                "value": "\\x98\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\xa8\\xc8\\xf3\\x02\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00 \\x00\\x00\\x00\\xb0\\xc8\\xf3\\x02\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-04-27 21:06:02,179",
            "thread_id": "7412",
            "caller": "0x009fc099",
            "parentcaller": "0x009e8763",
            "category": "system",
            "api": "WriteConsoleW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ConsoleHandle",
                "value": "0x00000098"
              },
              {
                "name": "Buffer",
                "value": "\\x423\\x421\\x41f\\x415\\x425. \\x417\\x430\\x43f\\x43b\\x430\\x43d\\x438\\x440\\x43e\\x432\\x430\\x43d\\x43d\\x430\\x44f \\x437\\x430\\x434\\x430\\x447\\x430 \"WAN Manager Task\" \\x431\\x44b\\x43b\\x430 \\x443\\x441\\x43f\\x435\\x448\\x43d\\x43e \\x441\\x43e\\x437\\x434\\x430\\x43d\\x430.\n"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-04-27 21:06:02,179",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x04df1d08"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-04-27 21:06:02,179",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitCode",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04ed0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000270"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000024c"
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000244"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000240"
              }
            ],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ec"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001f0"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001e8"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001d8"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001b8"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001bc"
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001b4"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000019c"
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001a0"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001a4"
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001a8"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001ac"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001b0"
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77122000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77122000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000194"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000198"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000190"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77e9f5a0"
              }
            ],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000174"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000178"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000017c"
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000180"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000184"
              }
            ],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000018c"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000188"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000154"
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000158"
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000150"
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000014c"
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000144"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000148"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000140"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000013c"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000138"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000266"
              }
            ],
            "repeated": 0,
            "id": 223
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000011c"
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000120"
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000ec"
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000f0"
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000f4"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f4"
              },
              {
                "name": "ValueName",
                "value": "DisableMetaFiles"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000f4"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000000f4"
              },
              {
                "name": "ValueName",
                "value": "DisableUmpdBufferSizeCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableUmpdBufferSizeCheck"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000f4"
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77e9f5a0"
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000e8"
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000e4"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000e0"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x77e40000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x77e9f5a0"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000001fc"
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000d4"
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000a0"
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000b0"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000000b4"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-04-27 21:06:02,225",
            "thread_id": "7412",
            "caller": "0x00a00352",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtTerminateProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "ExitCode",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 247
          }
        ],
        "threads": [
          "7412",
          "6048",
          "4788",
          "7752",
          "4424"
        ],
        "environ": {
          "UserName": "cape",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
          "CommandLine": "\"schtasks.exe\" /create /f /tn \"WAN Manager Task\" /xml \"C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp\"",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x009e0000",
          "MainExeSize": "0x00032000",
          "Bitness": "32-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      }
    ],
    "anomaly": [],
    "processtree": [
      {
        "name": "sex1.exe",
        "pid": 6648,
        "parent_id": 7304,
        "module_path": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "children": [
          {
            "name": "schtasks.exe",
            "pid": 3884,
            "parent_id": 6648,
            "module_path": "C:\\Windows\\SysWOW64\\schtasks.exe",
            "children": [],
            "threads": [
              "1828",
              "6516",
              "3900",
              "7492",
              "7120"
            ],
            "environ": {
              "UserName": "cape",
              "ComputerName": "DESKTOP-PC01",
              "WindowsPath": "C:\\Windows",
              "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
              "CommandLine": "\"schtasks.exe\" /create /f /tn \"WAN Manager\" /xml \"C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp\"",
              "RegisteredOwner": "",
              "RegisteredOrganization": "",
              "ProductName": "",
              "SystemVolumeSerialNumber": "7c6d-8d48",
              "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
              "MachineGUID": "",
              "MainExeBase": "0x009e0000",
              "MainExeSize": "0x00032000",
              "Bitness": "32-bit"
            }
          },
          {
            "name": "schtasks.exe",
            "pid": 3200,
            "parent_id": 6648,
            "module_path": "C:\\Windows\\SysWOW64\\schtasks.exe",
            "children": [],
            "threads": [
              "7412",
              "6048",
              "4788",
              "7752",
              "4424"
            ],
            "environ": {
              "UserName": "cape",
              "ComputerName": "DESKTOP-PC01",
              "WindowsPath": "C:\\Windows",
              "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
              "CommandLine": "\"schtasks.exe\" /create /f /tn \"WAN Manager Task\" /xml \"C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp\"",
              "RegisteredOwner": "",
              "RegisteredOrganization": "",
              "ProductName": "",
              "SystemVolumeSerialNumber": "7c6d-8d48",
              "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
              "MachineGUID": "",
              "MainExeBase": "0x009e0000",
              "MainExeSize": "0x00032000",
              "Bitness": "32-bit"
            }
          }
        ],
        "threads": [
          "6700",
          "8084",
          "7424",
          "7420",
          "4232",
          "4452",
          "4036",
          "3524",
          "1368",
          "3676",
          "6580",
          "8184",
          "7312",
          "8048",
          "6988",
          "1796",
          "2068",
          "3892",
          "2276",
          "3172"
        ],
        "environ": {
          "UserName": "cape",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\cape\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe\" ",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x00610000",
          "MainExeSize": "0x00038000",
          "Bitness": "32-bit"
        }
      },
      {
        "name": "svchost.exe",
        "pid": 1052,
        "parent_id": 632,
        "module_path": "C:\\Windows\\System32\\svchost.exe",
        "children": [],
        "threads": [
          "5400",
          "3400",
          "1384"
        ],
        "environ": {
          "UserName": "СИСТЕМА",
          "ComputerName": "DESKTOP-PC01",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Windows\\TEMP\\",
          "CommandLine": "C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "7c6d-8d48",
          "SystemVolumeGUID": "c48439d1-0000-0000-0000-100000000000",
          "MachineGUID": "",
          "MainExeBase": "0x7ff7ab6e0000",
          "MainExeSize": "0x00010000",
          "Bitness": "64-bit"
        }
      }
    ],
    "summary": {
      "files": [
        "C:\\Windows\\System32\\MSCOREE.DLL.local",
        "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\*",
        "C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe.config",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
        "C:\\Windows\\WinSxS\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\\msvcr80.dll",
        "C:\\Windows",
        "C:\\Windows\\WinSxS",
        "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319",
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config",
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\fusion.localgac",
        "C:\\Users\\cape\\AppData\\Local\\Microsoft\\CLR_v2.0_32\\UsageLogs\\sex1.exe.log",
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\security.config",
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\security.config.cch",
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\enterprisesec.config",
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\enterprisesec.config.cch",
        "C:\\Windows\\System32\\windows.storage.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\Wldp.dll",
        "C:\\Windows\\System32\\wldp.dll",
        "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\security.config",
        "C:\\Users\\cape\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\security.config.cch",
        "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\indexc.dat",
        "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.INI",
        "C:\\Users",
        "C:\\Users\\cape",
        "C:\\Users\\cape\\AppData",
        "C:\\Users\\cape\\AppData\\Local",
        "C:\\Users\\cape\\AppData\\Local\\Temp",
        "C:\\Windows\\System32\\bcryptPrimitives.dll",
        "\\Device\\CNG",
        "C:\\Windows\\System32\\l_intl.nls",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.INI",
        "C:\\Windows\\assembly\\pubpol5.dat",
        "C:\\Windows\\assembly\\GAC\\PublisherPolicy.tme",
        "C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.INI",
        "C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.INI",
        "C:\\Windows\\assembly\\GAC_MSIL\\System.Drawing\\2.0.0.0__b03f5f7f11d50a3a\\System.Drawing.INI",
        "C:\\Windows\\assembly\\GAC_32\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a",
        "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a",
        "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll",
        "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.INI",
        "C:\\Windows\\Globalization\\ru-ru.nlp",
        "C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll",
        "C:\\Windows\\System32\\msctf.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\USER32.dll.mui",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\CRYPTSP.dll",
        "C:\\Windows\\System32\\cryptsp.dll",
        "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD",
        "C:\\Users\\cape\\AppData\\Roaming",
        "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\run.dat",
        "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\Exceptions\\1.2.2.0",
        "C:\\Program Files (x86)\\WAN Manager",
        "C:\\Program Files (x86)",
        "C:\\Program Files (x86)\\WAN Manager\\wanmgr.exe",
        "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp",
        "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp",
        "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\WAN Manager\\wanmgr.exe",
        "C:\\Windows\\Globalization\\en-us.nlp",
        "C:\\Windows\\assembly\\GAC_32\\mscorlib.resources\\2.0.0.0_ru-RU_b77a5c561934e089",
        "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru-RU_b77a5c561934e089",
        "C:\\Windows\\assembly\\GAC\\mscorlib.resources\\2.0.0.0_ru-RU_b77a5c561934e089",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\mscorlib.resources.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\mscorlib.resources\\mscorlib.resources.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\mscorlib.resources.exe",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\mscorlib.resources\\mscorlib.resources.exe",
        "C:\\Windows\\Globalization\\ru.nlp",
        "C:\\Windows\\assembly\\GAC_32\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089",
        "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089",
        "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll",
        "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.INI",
        "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll",
        "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.pdb",
        "C:\\Windows\\symbols\\dll\\mscorlib.pdb",
        "C:\\Windows\\dll\\mscorlib.pdb",
        "C:\\Windows\\mscorlib.pdb",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.PDB",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp",
        "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\task.dat",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe:Zone.Identifier",
        "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\catalog.dat",
        "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\storage.dat",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ClientPlugin.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ClientPlugin\\ClientPlugin.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ClientPlugin.exe",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ClientPlugin\\ClientPlugin.exe",
        "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\settings.bin",
        "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\settings.bak",
        "C:\\Windows\\System32\\tzres.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\tzres.dll.mui",
        "C:\\Windows\\System32\\ru-RU\\tzres.dll.mui",
        "C:\\Windows\\sysnative\\ru-RU\\tzres.dll.mui",
        "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\Logs\\cape",
        "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\Logs",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\Lzma#.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\Lzma#\\Lzma#.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\Lzma#.exe",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\Lzma#\\Lzma#.exe",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\SurveillanceExClientPlugin.resources.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\SurveillanceExClientPlugin.resources\\SurveillanceExClientPlugin.resources.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\SurveillanceExClientPlugin.resources.exe",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru-RU\\SurveillanceExClientPlugin.resources\\SurveillanceExClientPlugin.resources.exe",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru\\SurveillanceExClientPlugin.resources.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru\\SurveillanceExClientPlugin.resources\\SurveillanceExClientPlugin.resources.dll",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru\\SurveillanceExClientPlugin.resources.exe",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\ru\\SurveillanceExClientPlugin.resources\\SurveillanceExClientPlugin.resources.exe",
        "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.dll",
        "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.INI",
        "C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.INI",
        "C:\\Windows\\SysWOW64\\schtasks.exe",
        "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\schtasks.exe.mui",
        "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
        "C:\\Windows\\System32\\kernel.appcore.dll",
        "C:\\Windows\\Tasks\\WAN Manager.job",
        "C:\\Windows\\System32\\Tasks\\WAN Manager",
        "\\??\\MountPointManager",
        "C:\\Windows\\System32\\Tasks\\",
        "C:\\Windows\\Tasks\\WAN Manager Task.job",
        "C:\\Windows\\System32\\Tasks\\WAN Manager Task",
        "C:\\Windows\\System32\\sppc.dll",
        "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe\\Windows\\System32\\ru-RU\\sppc.dll.mui",
        "C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask"
      ],
      "read_files": [
        "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
      ],
      "write_files": [
        "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\run.dat",
        "C:\\Program Files (x86)\\WAN Manager\\wanmgr.exe",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp",
        "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\task.dat",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp",
        "C:\\Windows\\System32\\Tasks\\WAN Manager",
        "C:\\Windows\\System32\\Tasks\\WAN Manager Task",
        "C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask"
      ],
      "delete_files": [
        "C:\\Program Files (x86)\\WAN Manager\\wanmgr.exe",
        "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\WAN Manager\\wanmgr.exe",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp",
        "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe:Zone.Identifier",
        "C:\\Windows\\Tasks\\WAN Manager.job",
        "C:\\Windows\\Tasks\\WAN Manager Task.job"
      ],
      "keys": [
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\v4.0",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\UseLegacyV2RuntimeActivationPolicyDefaultValue",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\OnlyUseLatestCLR",
        "Policy\\Standards",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\Policy\\Standards",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\standards\\v2.0.50727",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Fusion\\NoClientChecks",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\GCStressStart",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\GCStressStartAtJit",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DisableConfigCache",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\AppPatch",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\AppPatch\\v4.0.30319.00000",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\AppPatch\\v4.0.30319.00000\\mscorwks.dll",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\sex1.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\CacheLocation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DownloadCacheQuotaInKB",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Fusion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\EnableLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LoggingLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\ForceLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogFailures",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\VersioningLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogResourceBinds",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\UseLegacyIdentityFormat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DisableMSIPeek",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NoClientChecks",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DevOverrideEnable",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\NGen\\Policy\\v2.0",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\NGen\\Policy\\v2.0\\OptimizeUsedBinaries",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\Internet",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\LocalIntranet",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3749840076-4109591986-3192690632-1000",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\v2.0.50727\\Security\\Policy",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\LatestIndex",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\indexc",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\indexc\\NIUsageMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\indexc\\ILUsageMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\ConfigMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\ConfigString",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\MVID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\EvalationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\ILDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\NIDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\MissingDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1\\LastModTime",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\GACChangeNotification\\Default",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\mscorlib,2.0.0.0,,b77a5c561934e089,x86",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",
        "HKEY_CURRENT_USER",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\5aa75839\\10fdf3",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\StrongName",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\Latest",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\index5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\LegacyPolicyTimeStamp",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Windows.Forms__b77a5c561934e089",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\ConfigMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\ConfigString",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\MVID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\EvalationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\ILDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\NIDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\MissingDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\ConfigMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\ConfigString",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\MVID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\EvalationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\ILDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\NIDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\MissingDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\ConfigMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\ConfigString",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\MVID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\EvalationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\ILDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\NIDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\MissingDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Drawing__b03f5f7f11d50a3a",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System__b77a5c561934e089",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System,2.0.0.0,,b77a5c561934e089,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Xml__b77a5c561934e089",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Configuration__b03f5f7f11d50a3a",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Deployment__b03f5f7f11d50a3a",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.Accessibility__b03f5f7f11d50a3a",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Security__b03f5f7f11d50a3a",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\APTCA",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\1c22df2f\\4f99a7c9",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DbgJITDebugLaunchSetting",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DbgManagedDebugger",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA",
        "HKEY_CURRENT_USER\\Control Panel\\International",
        "HKEY_CURRENT_USER\\Control Panel\\International\\sYearMonth",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\WAN Manager",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\WAN Manager",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.mscorlib.resources_ru-RU_b77a5c561934e089",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\5e8c75c\\de7da15",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3749840076-4109591986-3192690632-1000\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|sex1.exe",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|sex1.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\C:|Users|cape|AppData|Local|Temp|sex1.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3749840076-4109591986-3192690632-1000\\Installer\\Assemblies\\Global",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Assemblies\\Global",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.mscorlib.resources_ru_b77a5c561934e089",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\5e8c75c\\2f231edf",
        "HKEY_CLASSES_ROOT\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\InprocServer32\\(Default)",
        "HKEY_CLASSES_ROOT\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\Server",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\Server\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\AlwaysReadHKCRForCLSIDs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\Server",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Ole",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft",
        "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel",
        "HKEY_CURRENT_USER\\Software\\Classes",
        "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\sex1.exe",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\AppID\\sex1.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Rpc\\Extensions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\NdrOleExtDLL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\4ecde57e\\31d9ddbb",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\a054161\\46043f61",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\219e9581\\3b405a35",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\219e9581\\26de983b",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\InstallationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\159a66b8\\424bd4d8",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\ConfigMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\ConfigString",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\MVID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\EvalationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\ILDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\NIDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\MissingDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Data.SqlXml__b77a5c561934e089",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Library",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\IsMultiInstance",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\First Counter",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\CategoryOptions",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\FileMappingSize",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Counter Names",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru-RU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru",
        "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\schtasks.exe",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\AppID\\schtasks.exe",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableUmpdBufferSizeCheck"
      ],
      "read_keys": [
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\UseLegacyV2RuntimeActivationPolicyDefaultValue",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\OnlyUseLatestCLR",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Fusion\\NoClientChecks",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\GCStressStart",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\GCStressStartAtJit",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DisableConfigCache",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\CacheLocation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DownloadCacheQuotaInKB",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\EnableLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LoggingLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\ForceLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogFailures",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\VersioningLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogResourceBinds",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\UseLegacyIdentityFormat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DisableMSIPeek",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NoClientChecks",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DevOverrideEnable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\NGen\\Policy\\v2.0\\OptimizeUsedBinaries",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\LatestIndex",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\indexc\\NIUsageMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\indexc\\ILUsageMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\ConfigMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\ConfigString",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\MVID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\EvalationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\ILDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\NIDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\MissingDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\mscorlib,2.0.0.0,,b77a5c561934e089,x86",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\Latest",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\index5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\LegacyPolicyTimeStamp",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\ConfigMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\ConfigString",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\MVID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\EvalationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\ILDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\NIDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\MissingDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\ConfigMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\ConfigString",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\MVID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\EvalationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\ILDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\NIDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\MissingDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\ConfigMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\ConfigString",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\MVID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\EvalationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\ILDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\NIDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\MissingDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System,2.0.0.0,,b77a5c561934e089,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DbgJITDebugLaunchSetting",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DbgManagedDebugger",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA",
        "HKEY_CURRENT_USER\\Control Panel\\International\\sYearMonth",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\WAN Manager",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\WAN Manager",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\InprocServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\Server\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\AlwaysReadHKCRForCLSIDs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\NdrOleExtDLL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\InstallationType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\ConfigMask",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\ConfigString",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\MVID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\EvalationData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\ILDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\NIDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\MissingDependencies",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5\\DisplayName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5\\Status",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5\\Modules",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5\\SIG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5\\LastModTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Library",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\IsMultiInstance",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\First Counter",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\CategoryOptions",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\FileMappingSize",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Counter Names",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru-RU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableUmpdBufferSizeCheck"
      ],
      "write_keys": [
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\WAN Manager"
      ],
      "delete_keys": [],
      "executed_commands": [
        "\"schtasks.exe\" /create /f /tn \"WAN Manager\" /xml \"C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp\"",
        "\"schtasks.exe\" /create /f /tn \"WAN Manager Task\" /xml \"C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp\""
      ],
      "resolved_apis": [],
      "mutexes": [
        "Local\\SM0:6648:168:WilStaging_02",
        "Global\\CLR_CASOFF_MUTEX",
        "Global\\{b99f832a-30b2-4929-80df-5af09cffdbc2}",
        "Global\\.net clr networking"
      ],
      "created_services": [],
      "started_services": []
    },
    "enhanced": [
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:14,197",
        "eid": 1,
        "data": {
          "file": "ADVAPI32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76ea0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:14,213",
        "eid": 2,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:14,213",
        "eid": 3,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": "C:\\Windows\\Microsoft.NET\\Framework\\"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:14,275",
        "eid": 4,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:14,275",
        "eid": 5,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": "C:\\Windows\\Microsoft.NET\\Framework\\"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:14,275",
        "eid": 6,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:14,275",
        "eid": 7,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": "C:\\Windows\\Microsoft.NET\\Framework\\"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:14,322",
        "eid": 8,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x77150000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:14,322",
        "eid": 9,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x77150000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:14,322",
        "eid": 10,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x77150000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:14,322",
        "eid": 11,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x77150000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:14,322",
        "eid": 12,
        "data": {
          "file": "api-ms-win-core-localization-l1-2-1",
          "pathtofile": null,
          "moduleaddress": "0x77150000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:14,322",
        "eid": 13,
        "data": {
          "file": "ADVAPI32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76ea0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:14,322",
        "eid": 14,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll",
          "pathtofile": null,
          "moduleaddress": "0x73e10000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:14,322",
        "eid": 15,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:14,322",
        "eid": 16,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:14,322",
        "eid": 17,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": "C:\\Windows\\Microsoft.NET\\Framework\\"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:14,369",
        "eid": 18,
        "data": {
          "file": "SHLWAPI.dll",
          "pathtofile": null,
          "moduleaddress": "0x76f20000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:14,369",
        "eid": 19,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\UseLegacyV2RuntimeActivationPolicyDefaultValue",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:14,369",
        "eid": 20,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\OnlyUseLatestCLR",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:14,463",
        "eid": 21,
        "data": {
          "file": "api-ms-win-appmodel-runtime-l1-1-2.dll",
          "pathtofile": null,
          "moduleaddress": "0x75250000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:14,463",
        "eid": 22,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:14,463",
        "eid": 23,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Fusion\\NoClientChecks",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:14,463",
        "eid": 24,
        "data": {
          "file": "VERSION.dll",
          "pathtofile": null,
          "moduleaddress": "0x75460000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:16,557",
        "eid": 25,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:16,557",
        "eid": 26,
        "data": {
          "file": "MSCoree.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:16,557",
        "eid": 27,
        "data": {
          "file": "PGORT80.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:16,588",
        "eid": 28,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:16,744",
        "eid": 29,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:16,869",
        "eid": 30,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\GCStressStart",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:16,869",
        "eid": 31,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\GCStressStartAtJit",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:16,869",
        "eid": 32,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\GCStressStart",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:16,869",
        "eid": 33,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\GCStressStartAtJit",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:16,885",
        "eid": 34,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll",
          "pathtofile": null,
          "moduleaddress": "0x737e0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:16,885",
        "eid": 35,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:16,885",
        "eid": 36,
        "data": {
          "file": "USER32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75d10000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:16,885",
        "eid": 37,
        "data": {
          "file": "mscorwks.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:16,900",
        "eid": 38,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DisableConfigCache",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:16,900",
        "eid": 39,
        "data": {
          "file": "advapi32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,072",
        "eid": 40,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": "0x74160000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,072",
        "eid": 41,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,088",
        "eid": 42,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,088",
        "eid": 43,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-27 21:05:17,244",
        "eid": 44,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-27 21:05:17,385",
        "eid": 45,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,385",
        "eid": 46,
        "data": {
          "file": "ntdll",
          "pathtofile": null,
          "moduleaddress": "0x77e40000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,385",
        "eid": 47,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,463",
        "eid": 48,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:17,541",
        "eid": 49,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\CacheLocation",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,541",
        "eid": 50,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:17,541",
        "eid": 51,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DownloadCacheQuotaInKB",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:17,541",
        "eid": 52,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\EnableLog",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:17,541",
        "eid": 53,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LoggingLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:17,541",
        "eid": 54,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\ForceLog",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:17,541",
        "eid": 55,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogFailures",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:17,541",
        "eid": 56,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\VersioningLog",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:17,541",
        "eid": 57,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogResourceBinds",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:17,541",
        "eid": 58,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\UseLegacyIdentityFormat",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:17,541",
        "eid": 59,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DisableMSIPeek",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:17,541",
        "eid": 60,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NoClientChecks",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:17,541",
        "eid": 61,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DevOverrideEnable",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,541",
        "eid": 62,
        "data": {
          "file": "advapi32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,541",
        "eid": 63,
        "data": {
          "file": "advapi32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,619",
        "eid": 64,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:17,619",
        "eid": 65,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\NGen\\Policy\\v2.0\\OptimizeUsedBinaries",
          "content": "1"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,619",
        "eid": 66,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,682",
        "eid": 67,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,682",
        "eid": 68,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,744",
        "eid": 69,
        "data": {
          "file": "advapi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76ea0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,744",
        "eid": 70,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,760",
        "eid": 71,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x77590000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,760",
        "eid": 72,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,760",
        "eid": 73,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,760",
        "eid": 74,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,760",
        "eid": 75,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,760",
        "eid": 76,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,760",
        "eid": 77,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,760",
        "eid": 78,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,775",
        "eid": 79,
        "data": {
          "file": "api-ms-win-eventing-provider-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,775",
        "eid": 80,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:17,775",
        "eid": 81,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:18,478",
        "eid": 82,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76ab0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:18,494",
        "eid": 83,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:18,494",
        "eid": 84,
        "data": {
          "file": "Kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:18,494",
        "eid": 85,
        "data": {
          "file": "Kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:18,619",
        "eid": 86,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:18,635",
        "eid": 87,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\LatestIndex",
          "content": "12"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:18,635",
        "eid": 88,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\LatestIndex",
          "content": "12"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:18,650",
        "eid": 89,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\indexc\\NIUsageMask",
          "content": "\\xff\\xe1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:18,650",
        "eid": 90,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\indexc\\ILUsageMask",
          "content": "\\xff\\xff\\xff\\xf1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:18,650",
        "eid": 91,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\DisplayName",
          "content": "mscorlib,2.0.0.0,,b77a5c561934e089"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:18,650",
        "eid": 92,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\ConfigMask",
          "content": "4361"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:18,650",
        "eid": 93,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\ConfigString",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:18,650",
        "eid": 94,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\MVID",
          "content": "\\x07\\xfe\\xde\\xcf;\\x96LM&\\xa6\\xec\\x99B&\\xef\\xe4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:18,650",
        "eid": 95,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\EvalationData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:18,650",
        "eid": 96,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\Status",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:18,650",
        "eid": 97,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\ILDependencies",
          "content": "\\xc5\\xe2Py\\xba{\\xb8\\x0c\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:18,650",
        "eid": 98,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\NIDependencies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:18,650",
        "eid": 99,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\181938c6\\7950e2c5\\1\\MissingDependencies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:18,650",
        "eid": 100,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1\\DisplayName",
          "content": "mscorlib,2.0.0.0,,b77a5c561934e089"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:18,650",
        "eid": 101,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1\\Status",
          "content": "8198"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:18,650",
        "eid": 102,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1\\Modules",
          "content": "sortkey.nlp|sorttbls.nlp|big5.nlp|bopomofo.nlp|ksc.nlp|prc.nlp|prcp.nlp|xjis.nlp|normidna.nlp|normnfc.nlp|normnfd.nlp|normnfkc.nlp|normnfkd.nlp"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:18,650",
        "eid": 103,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1\\SIG",
          "content": "\\xb23\\xc7M\\xdf\\xb0\\xb0D\\xba\\xbf+\\xb7\\xcf\\xfd\\xf4\\xab\\x91th\\x7f\\xa9w\\xa2\\xc6\\xae\\xd2Yqa\\xe9\\xe1\\x81\\x9d\\xe9K\\xa9"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:18,650",
        "eid": 104,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\7950e2c5\\cb87bba\\1\\LastModTime",
          "content": "m\\xa7>\\xfb\\x06\\xac\\xdc\\x01"
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:18,650",
        "eid": 105,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\GACChangeNotification\\Default"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:18,650",
        "eid": 106,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\mscorlib,2.0.0.0,,b77a5c561934e089,x86",
          "content": "m\\xa7>\\xfb\\x06\\xac\\xdc\\x01"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:19,150",
        "eid": 107,
        "data": {
          "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\07fedecf3b964c4d26a6ec994226efe4\\mscorlib.ni.dll",
          "pathtofile": null,
          "moduleaddress": "0x72c40000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:19,150",
        "eid": 108,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:19,244",
        "eid": 109,
        "data": {
          "file": "MSCORWKS.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:19,244",
        "eid": 110,
        "data": {
          "file": "mscorjit.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:19,791",
        "eid": 111,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\ole32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:19,791",
        "eid": 112,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:19,791",
        "eid": 113,
        "data": {
          "file": "ole32.dll",
          "pathtofile": null,
          "moduleaddress": "0x77060000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:19,791",
        "eid": 114,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:19,791",
        "eid": 115,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:19,791",
        "eid": 116,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:19,791",
        "eid": 117,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:19,807",
        "eid": 118,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:19,807",
        "eid": 119,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:19,807",
        "eid": 120,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:19,807",
        "eid": 121,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:19,807",
        "eid": 122,
        "data": {
          "file": "C:\\Windows\\System32\\uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x745d0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:19,807",
        "eid": 123,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
          "content": "1"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:19,807",
        "eid": 124,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:19,807",
        "eid": 125,
        "data": {
          "file": "ole32.dll",
          "pathtofile": null,
          "moduleaddress": "0x77060000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:19,807",
        "eid": 126,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:20,213",
        "eid": 127,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76ab0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:20,213",
        "eid": 128,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:20,588",
        "eid": 129,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\LatestIndex",
          "content": "12"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:21,041",
        "eid": 130,
        "data": {
          "file": "AdvApi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76ea0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:21,041",
        "eid": 131,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:21,041",
        "eid": 132,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": "0x74160000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:21,041",
        "eid": 133,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,041",
        "eid": 134,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\Latest",
          "content": "5"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,041",
        "eid": 135,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\index5",
          "content": "\\x1f"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,041",
        "eid": 136,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\LegacyPolicyTimeStamp",
          "content": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 137,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 138,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 139,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\DisplayName",
          "content": "System.Windows.Forms,2.0.0.0,,b77a5c561934e089"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 140,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\ConfigMask",
          "content": "4361"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 141,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\ConfigString",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 142,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\MVID",
          "content": "\\x19N\\x1e\\x92\\xbf\\xaeS\\x96\\x08e\\x18\\xc2\\xec\n\\x0ft"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 143,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\EvalationData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 144,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\Status",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 145,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\ILDependencies",
          "content": "@\\xce]G\\xb6\\xf9\\x10\\x19\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00W\\x8d\\xab\\x19t&\\xa3.\\x07\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xac\\xd6-\\xb7\\xf8\\xf1%\\x03\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd8\\xd4KB\\xd5\\x04\\xc5\\x0c\\x06\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00~L\\xc0AT\\xf5Wz\\x1d\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc5Y\\xed<\\x00\\xa2\\x0bb\\x0e\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00d\\x10\\x99\\x0cX\\xb0\\xeb\\x7f\\x1e\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 146,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\NIDependencies",
          "content": "\\xc68\\x19\\x18\\xc5\\xe2Py\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00O|\\xbc0O\\xfeP?\\x08\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x06\\xca<\\xc0\\xd4\\xc7m\\x0f\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 147,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\61e7e666\\c991064\\e\\MissingDependencies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 148,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2\\DisplayName",
          "content": "System.Security,2.0.0.0,,b03f5f7f11d50a3a"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 149,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2\\Status",
          "content": "4098"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 150,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2\\Modules",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 151,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2\\SIG",
          "content": "\\x08\\x03VdL\\xe0}B\\xb3\\x80\\x140i\\xbf^\\xfcT0=\\xdb\\xb5\\x9b\\x9b[1\\xba\\xbe\\xf8I\\x1e\n\\x06G\\xa7\\xbf "
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 152,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\475dce40\\1910f9b6\\2\\LastModTime",
          "content": "\\xa3k\\xc9@\\x07\\xac\\xdc\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 153,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7\\DisplayName",
          "content": "System.Xml,2.0.0.0,,b77a5c561934e089"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 154,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7\\Status",
          "content": "4098"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 155,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7\\Modules",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 156,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7\\SIG",
          "content": "\\xb2\\x1aNYhyhC\\xa1\\xe5\\x96\\xe9\\x9a\\xf9@\\xad\\x19-\\x99{\\x90v\\xc4\\xa3+&d\\x93s{\\x8e\\xce\\x92\\x18\\xc5\\xc6"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 157,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\19ab8d57\\2ea32674\\7\\LastModTime",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 158,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3\\DisplayName",
          "content": "Accessibility,2.0.0.0,,b03f5f7f11d50a3a"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 159,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3\\Status",
          "content": "4098"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 160,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3\\Modules",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 161,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3\\SIG",
          "content": "z\\xb1\\xaa^\\x82\\x82\\x9bJ\\x84\\x94\\xe5%\\x92\\xf5P\r\\xd2\\xaf\\x11Z\\xf2&\\x19R\\x02V\\x821_\\\\xabW\\xeb\\xe8\\xb4\\xef"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 162,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\2dd6ac50\\25f1f8b7\\3\\LastModTime",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 163,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6\\DisplayName",
          "content": "System.Configuration,2.0.0.0,,b03f5f7f11d50a3a"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 164,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6\\Status",
          "content": "4098"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,057",
        "eid": 165,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6\\Modules",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 166,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6\\SIG",
          "content": ";\\xf2\\x93\\x1d\\xca\\xffYI\\xab\\xdc&X\\x07\\xe4$-!M\\xd0D\\x87\\xd2\\xcbu\\xd7)\\x06\\xd2\\xf2\\x1b\\x07\n{\\xefi\\xab"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 167,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\424bd4d8\\cc504d5\\6\\LastModTime",
          "content": "Zk\\xb2'\\x07\\xac\\xdc\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 168,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d\\DisplayName",
          "content": "System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 169,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d\\Status",
          "content": "4098"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 170,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d\\Modules",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 171,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d\\SIG",
          "content": "P\\xd0O\\xcbR]\\x90@\\x85\\x86M\\x87\\x82\r\\xa8\\xdd~\\x17\\xf4\\xe2\\x84\\xca\\x8c\\xfd-\\xacs\\xce\\xf7 \\xc3/\\xb3\\xcft\\xbf"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 172,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\41c04c7e\\7a57f554\\1d\\LastModTime",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 173,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e\\DisplayName",
          "content": "System.Deployment,2.0.0.0,,b03f5f7f11d50a3a"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 174,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e\\Status",
          "content": "4098"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 175,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e\\Modules",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 176,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e\\SIG",
          "content": "\\xe1\\x8a\\xf5\\x0e\\xe2q\\x8bN\\x97\nB#\\x17\\x8a\\xe6\\xf3\\xe4i\\x1a\\xeeJVa\\\\xcb\\x0ff)\\x08UQ\\x86\\x80E\\x08\\x1a"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 177,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3ced59c5\\620ba200\\e\\LastModTime",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 178,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e\\DisplayName",
          "content": "System.Windows.Forms,2.0.0.0,,b77a5c561934e089"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 179,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e\\Status",
          "content": "4098"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 180,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e\\Modules",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 181,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e\\SIG",
          "content": "\\x84\\xda\\xb9\\xe2\\xe1\\5I\\x8c\\xe5a\\xb1\\xb8\\x91\\xd5\\xf7\\xeeKz\\x06#R\\x17\\xc9\\xbf0\\xed\\xbb\\x91p\\x9a#Zk@\\xd5"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 182,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\c991064\\7febb058\\1e\\LastModTime",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 183,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\DisplayName",
          "content": "System,2.0.0.0,,b77a5c561934e089"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 184,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\ConfigMask",
          "content": "4361"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 185,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\ConfigString",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 186,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\MVID",
          "content": "\\xc6\r\\xd1\\xee\\x84;\\xa8\\xff\\x9e\\xe7\\xed\\xcdc\\x029;"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 187,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\EvalationData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 188,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\Status",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 189,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\ILDependencies",
          "content": "\\xd8\\xd4KB\\xd5\\x04\\xc5\\x0c\\x06\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00W\\x8d\\xab\\x19t&\\xa3.\\x07\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00O\\xfeP?\\xe6\\xad\\xb2G\\x08\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 190,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\NIDependencies",
          "content": "\\xc68\\x19\\x18\\xc5\\xe2Py\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 191,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\30bc7c4f\\3f50fe4f\\8\\MissingDependencies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 192,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8\\DisplayName",
          "content": "System,2.0.0.0,,b77a5c561934e089"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 193,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8\\Status",
          "content": "4098"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 194,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8\\Modules",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 195,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8\\SIG",
          "content": "\\xd40\\\\x82\\xcf\\xa4LF\\xb7\\xeb\\xb8\\x14XT\\xd1\\xf81\\x82\\x8d\\xfa\\x12E\\x8d}\\x7f\\x90'\\xf5\\xa5\\x82\\xdb\\x0c\\x14c\\x12\\x1a"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 196,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\3f50fe4f\\47b2ade6\\8\\LastModTime",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 197,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\DisplayName",
          "content": "System.Drawing,2.0.0.0,,b03f5f7f11d50a3a"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 198,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\ConfigMask",
          "content": "4361"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 199,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\ConfigString",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 200,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\MVID",
          "content": "\\xa0=\\xd8\\x87\\x19)\\x95\\h\\x022h,\\x94d\\xa0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 201,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\EvalationData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 202,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\Status",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 203,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\ILDependencies",
          "content": "\\xc0\\xd4\\xc7m\\x16\\x96\\x94$\\x10\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 204,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\NIDependencies",
          "content": "\\xc68\\x19\\x18\\xc5\\xe2Py\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00O|\\xbc0O\\xfeP?\\x08\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 205,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\3cca06a0\\6dc7d4c0\\f\\MissingDependencies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 206,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10\\DisplayName",
          "content": "System.Drawing,2.0.0.0,,b03f5f7f11d50a3a"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 207,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10\\Status",
          "content": "4098"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 208,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10\\Modules",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 209,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10\\SIG",
          "content": "\\x7fX\\xbb\\xfa\\x0e\\xf2\\xcbD\\x91\\xf4^\\x19\\xf6\r\r\\x0c\\xab\\x0eq\\xfcgB\\x12\\xe3\\xe8\\xe5\\x99Q\\x80\\xb8\\x0bu\\xdc\\x16\\x14?"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 210,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\6dc7d4c0\\24949616\\10\\LastModTime",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 211,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 212,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 213,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System,2.0.0.0,,b77a5c561934e089,MSIL",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 214,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:21,072",
        "eid": 215,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
          "content": "Zk\\xb2'\\x07\\xac\\xdc\\x01"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:21,541",
        "eid": 216,
        "data": {
          "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\c60dd1ee843ba8ff9ee7edcd6302393b\\System.ni.dll",
          "pathtofile": null,
          "moduleaddress": "0x72490000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:21,541",
        "eid": 217,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:22,072",
        "eid": 218,
        "data": {
          "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Drawing\\a03dd8871929955c680232682c9464a0\\System.Drawing.ni.dll",
          "pathtofile": null,
          "moduleaddress": "0x72300000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:22,072",
        "eid": 219,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:22,119",
        "eid": 220,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:22,119",
        "eid": 221,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:22,119",
        "eid": 222,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
          "content": "\\x00.\\xa1\\xe9;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:22,119",
        "eid": 223,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
          "content": "\\xa3k\\xc9@\\x07\\xac\\xdc\\x01"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:22,338",
        "eid": 224,
        "data": {
          "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Windows.Forms\\194e1e92bfae5396086518c2ec0a0f74\\System.Windows.Forms.ni.dll",
          "pathtofile": null,
          "moduleaddress": "0x71720000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:22,338",
        "eid": 225,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:22,353",
        "eid": 226,
        "data": {
          "file": "MSCORWKS.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:22,353",
        "eid": 227,
        "data": {
          "file": "mscorjit.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:22,463",
        "eid": 228,
        "data": {
          "file": "MSCORWKS.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:22,463",
        "eid": 229,
        "data": {
          "file": "mscorjit.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:22,557",
        "eid": 230,
        "data": {
          "file": "MSCORWKS.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:22,557",
        "eid": 231,
        "data": {
          "file": "mscorjit.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:22,994",
        "eid": 232,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorjit.dll",
          "pathtofile": null,
          "moduleaddress": "0x716c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:22,994",
        "eid": 233,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:22,994",
        "eid": 234,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:23,822",
        "eid": 235,
        "data": {
          "file": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll",
          "pathtofile": null,
          "moduleaddress": "0x07660000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:23,822",
        "eid": 236,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:24,744",
        "eid": 237,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\VERSION.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:24,744",
        "eid": 238,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:24,744",
        "eid": 239,
        "data": {
          "file": "VERSION.dll",
          "pathtofile": null,
          "moduleaddress": "0x75460000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:28,369",
        "eid": 240,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:29,885",
        "eid": 241,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x77e40000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:29,885",
        "eid": 242,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:30,682",
        "eid": 243,
        "data": {
          "file": "user32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75d10000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:30,682",
        "eid": 244,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:31,510",
        "eid": 245,
        "data": {
          "file": "user32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:31,510",
        "eid": 246,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76a80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:31,510",
        "eid": 247,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:31,963",
        "eid": 248,
        "data": {
          "file": "advapi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76ea0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:31,963",
        "eid": 249,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:31,963",
        "eid": 250,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DbgJITDebugLaunchSetting",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:31,963",
        "eid": 251,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DbgManagedDebugger",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:32,463",
        "eid": 252,
        "data": {
          "file": "C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:32,463",
        "eid": 253,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:32,463",
        "eid": 254,
        "data": {
          "file": "uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x745d0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:32,463",
        "eid": 255,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:32,838",
        "eid": 256,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:34,307",
        "eid": 257,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:34,307",
        "eid": 258,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:34,307",
        "eid": 259,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:34,775",
        "eid": 260,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:35,244",
        "eid": 261,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:35,791",
        "eid": 262,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:35,916",
        "eid": 263,
        "data": {
          "file": "ole32.dll",
          "pathtofile": null,
          "moduleaddress": "0x77060000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:35,916",
        "eid": 264,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:39,885",
        "eid": 265,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:39,885",
        "eid": 266,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:39,885",
        "eid": 267,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:39,900",
        "eid": 268,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x74c10000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:39,900",
        "eid": 269,
        "data": {
          "file": "C:\\Windows\\System32\\bcryptprimitives.dll",
          "pathtofile": null,
          "moduleaddress": "0x76d80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:39,900",
        "eid": 270,
        "data": {
          "file": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\bcrypt.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:39,900",
        "eid": 271,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:39,900",
        "eid": 272,
        "data": {
          "file": "bcrypt.dll",
          "pathtofile": null,
          "moduleaddress": "0x76160000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:39,900",
        "eid": 273,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:39,900",
        "eid": 274,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:39,916",
        "eid": 275,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:39,916",
        "eid": 276,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:41,150",
        "eid": 277,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x74c10000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:41,385",
        "eid": 278,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x74c10000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:45,807",
        "eid": 279,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:49,182",
        "eid": 280,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:49,182",
        "eid": 281,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid",
          "content": "f3037635-6191-4c44-bd96-905f1b4feafd"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:49,338",
        "eid": 282,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:49,338",
        "eid": 283,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA",
          "content": "0"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:49,744",
        "eid": 284,
        "data": {
          "file": "shfolder.dll",
          "pathtofile": null,
          "moduleaddress": "0x71650000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:49,744",
        "eid": 285,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-04-27 21:05:50,041",
        "eid": 286,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-04-27 21:05:50,072",
        "eid": 287,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\run.dat"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:50,572",
        "eid": 288,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\Control Panel\\International\\sYearMonth",
          "content": null
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-04-27 21:05:50,572",
        "eid": 289,
        "data": {
          "file": "C:\\Program Files (x86)\\WAN Manager"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-04-27 21:05:50,682",
        "eid": 290,
        "data": {
          "file": "C:\\Program Files (x86)\\WAN Manager\\wanmgr.exe"
        }
      },
      {
        "event": "copy",
        "object": "file",
        "timestamp": "2026-04-27 21:05:50,838",
        "eid": 291,
        "data": {
          "from": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe",
          "to": "C:\\Program Files (x86)\\WAN Manager\\wanmgr.exe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:50,838",
        "eid": 292,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\WAN Manager",
          "content": null
        }
      },
      {
        "event": "write",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:50,947",
        "eid": 293,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\WAN Manager",
          "content": "C:\\Program Files (x86)\\WAN Manager\\wanmgr.exe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:50,947",
        "eid": 294,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\WAN Manager",
          "content": null
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-04-27 21:05:51,135",
        "eid": 295,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\WAN Manager\\wanmgr.exe"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:51,463",
        "eid": 296,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Culture.dll",
          "pathtofile": null,
          "moduleaddress": "0x71610000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:51,463",
        "eid": 297,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:51,463",
        "eid": 298,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:51,557",
        "eid": 299,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:51,791",
        "eid": 300,
        "data": {
          "file": "C:\\Windows\\assembly\\GAC_MSIL\\mscorlib.resources\\2.0.0.0_ru_b77a5c561934e089\\mscorlib.resources.dll",
          "pathtofile": null,
          "moduleaddress": "0x07a20000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:51,791",
        "eid": 301,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:52,713",
        "eid": 302,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:52,713",
        "eid": 303,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\InprocServer32\\(Default)",
          "content": "C:\\Windows\\SysWOW64\\mscoree.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:52,713",
        "eid": 304,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\mscoree.dll",
          "pathtofile": null,
          "moduleaddress": "0x74160000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:52,713",
        "eid": 305,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:52,713",
        "eid": 306,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\Server\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:52,713",
        "eid": 307,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\Server\\(Default)",
          "content": "diasymreader.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:52,728",
        "eid": 308,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\AlwaysReadHKCRForCLSIDs",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:52,744",
        "eid": 309,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\Server\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:52,744",
        "eid": 310,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\Server\\(Default)",
          "content": "diasymreader.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:53,166",
        "eid": 311,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:53,166",
        "eid": 312,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\diasymreader.dll",
          "pathtofile": null,
          "moduleaddress": "0x71590000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:53,166",
        "eid": 313,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-27 21:05:53,369",
        "eid": 314,
        "data": {
          "file": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-27 21:05:53,369",
        "eid": 315,
        "data": {
          "file": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-27 21:05:53,369",
        "eid": 316,
        "data": {
          "file": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-27 21:05:53,510",
        "eid": 317,
        "data": {
          "file": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-27 21:05:53,588",
        "eid": 318,
        "data": {
          "file": "C:\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:53,697",
        "eid": 319,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\InprocServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:53,697",
        "eid": 320,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\\InprocServer32\\(Default)",
          "content": "C:\\Windows\\SysWOW64\\mscoree.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:53,697",
        "eid": 321,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\mscoree.dll",
          "pathtofile": null,
          "moduleaddress": "0x74160000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:53,697",
        "eid": 322,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-27 21:05:53,760",
        "eid": 323,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-27 21:05:53,760",
        "eid": 324,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-04-27 21:05:54,541",
        "eid": 325,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:55,775",
        "eid": 326,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x77e40000"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-04-27 21:05:55,807",
        "eid": 327,
        "data": {
          "file": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:55,853",
        "eid": 328,
        "data": {
          "file": "OLE32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:55,853",
        "eid": 329,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:55,853",
        "eid": 330,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:55,853",
        "eid": 331,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:55,885",
        "eid": 332,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:55,885",
        "eid": 333,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:55,885",
        "eid": 334,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:55,900",
        "eid": 335,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:55,900",
        "eid": 336,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\NdrOleExtDLL",
          "content": "combase.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:55,900",
        "eid": 337,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:55,900",
        "eid": 338,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:55,916",
        "eid": 339,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:55,916",
        "eid": 340,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:55,916",
        "eid": 341,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-04-27 21:05:59,885",
        "eid": 342,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-04-27 21:05:59,885",
        "eid": 343,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\task.dat"
        }
      },
      {
        "event": "write",
        "object": "file",
        "timestamp": "2026-04-27 21:06:00,353",
        "eid": 344,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp"
        }
      },
      {
        "event": "execute",
        "object": "file",
        "timestamp": "2026-04-27 21:06:00,963",
        "eid": 345,
        "data": {
          "file": null
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-04-27 21:06:02,322",
        "eid": 346,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-04-27 21:06:02,338",
        "eid": 347,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe:Zone.Identifier"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:02,353",
        "eid": 348,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:02,353",
        "eid": 349,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x77e40000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:02,353",
        "eid": 350,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:02,353",
        "eid": 351,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:02,416",
        "eid": 352,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:02,432",
        "eid": 353,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:02,994",
        "eid": 354,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:03,166",
        "eid": 355,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:03,197",
        "eid": 356,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:03,197",
        "eid": 357,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:03,213",
        "eid": 358,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:04,072",
        "eid": 359,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-04-27 21:06:04,088",
        "eid": 360,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\Logs"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-04-27 21:06:04,088",
        "eid": 361,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\Logs\\cape"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:04,150",
        "eid": 362,
        "data": {
          "file": "C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\psapi.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:04,150",
        "eid": 363,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:04,197",
        "eid": 364,
        "data": {
          "file": "psapi.dll",
          "pathtofile": null,
          "moduleaddress": "0x76a70000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:04,197",
        "eid": 365,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:04,197",
        "eid": 366,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:04,369",
        "eid": 367,
        "data": {
          "file": "C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:04,369",
        "eid": 368,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:04,369",
        "eid": 369,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x77e40000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:04,369",
        "eid": 370,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:04,682",
        "eid": 371,
        "data": {
          "file": "C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\ws2_32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:04,682",
        "eid": 372,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:04,682",
        "eid": 373,
        "data": {
          "file": "ws2_32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76640000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:04,682",
        "eid": 374,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:04,775",
        "eid": 375,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\InstallationType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:04,775",
        "eid": 376,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\InstallationType",
          "content": "Client"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:04,791",
        "eid": 377,
        "data": {
          "file": "C:\\Windows\\System32\\mswsock.dll",
          "pathtofile": null,
          "moduleaddress": "0x747c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:04,791",
        "eid": 378,
        "data": {
          "file": "C:\\Windows\\System32\\mswsock.dll",
          "pathtofile": null,
          "moduleaddress": "0x747c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:05,010",
        "eid": 379,
        "data": {
          "file": "C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.dll",
          "pathtofile": null,
          "moduleaddress": "0x08700000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:05,010",
        "eid": 380,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:05,557",
        "eid": 381,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\DisplayName",
          "content": "System.Xml,2.0.0.0,,b77a5c561934e089"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:05,572",
        "eid": 382,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\ConfigMask",
          "content": "4361"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:05,572",
        "eid": 383,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\ConfigString",
          "content": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:05,572",
        "eid": 384,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\MVID",
          "content": "\\xba\\xe2N\\x9b\\xcb\\xc0\\x1b\\xb2\\xa0\\xedO\\xa7Q4pA"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:05,572",
        "eid": 385,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\EvalationData",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:05,572",
        "eid": 386,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\Status",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:05,572",
        "eid": 387,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\ILDependencies",
          "content": "\\xd8\\xd4KB\\xd5\\x04\\xc5\\x0c\\x06\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xee\\x8fcu';Y\\x11\\x05\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00W\\x8d\\xab\\x19t&\\xa3.\\x07\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:05,572",
        "eid": 388,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\NIDependencies",
          "content": "\\xc68\\x19\\x18\\xc5\\xe2Py\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00O|\\xbc0O\\xfeP?\\x08\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:05,572",
        "eid": 389,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\NI\\6faf58\\19ab8d57\\7\\MissingDependencies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:05,572",
        "eid": 390,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5\\DisplayName",
          "content": "System.Data.SqlXml,2.0.0.0,,b77a5c561934e089"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:05,572",
        "eid": 391,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5\\Status",
          "content": "4098"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:05,572",
        "eid": 392,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5\\Modules",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:05,572",
        "eid": 393,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5\\SIG",
          "content": "9S\\x1e/K\\x98DN\\xa1\\xa3^\\xba\\xd8\\xae\\xa3M\\x85\\x11\\x9b\\x17\\x815z^\\x15:\\xb8\\xb7\\x13\\x01\\xd4)\\xebl\\xb1\\x90"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:05,572",
        "eid": 394,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_32\\IL\\75638fee\\11593b27\\5\\LastModTime",
          "content": "\\x00\\xe8\\xdd\\xc5;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:05,572",
        "eid": 395,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL",
          "content": "\\x00\\xe8\\xdd\\xc5;\\xac\\xd5\\x01"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:05,900",
        "eid": 396,
        "data": {
          "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\bae24e9bcbc01bb2a0ed4fa751347041\\System.Xml.ni.dll",
          "pathtofile": null,
          "moduleaddress": "0x70900000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:05,900",
        "eid": 397,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:05,947",
        "eid": 398,
        "data": {
          "file": "MSCORWKS.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:05,947",
        "eid": 399,
        "data": {
          "file": "mscorjit.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-27 21:06:06,713",
        "eid": 400,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-27 21:06:06,728",
        "eid": 401,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-27 21:06:06,728",
        "eid": 402,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-27 21:06:06,791",
        "eid": 403,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-27 21:06:07,119",
        "eid": 404,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-27 21:06:07,213",
        "eid": 405,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\machine.config"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:07,275",
        "eid": 406,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": "0x74160000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:07,275",
        "eid": 407,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:07,713",
        "eid": 408,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Library",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:07,713",
        "eid": 409,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Library",
          "content": "%systemroot%\\system32\\netfxperf.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:07,713",
        "eid": 410,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\IsMultiInstance",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:07,713",
        "eid": 411,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\IsMultiInstance",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:07,713",
        "eid": 412,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\First Counter",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:07,713",
        "eid": 413,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\First Counter",
          "content": "6828"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:07,728",
        "eid": 414,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\CategoryOptions",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:07,728",
        "eid": 415,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\CategoryOptions",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:07,728",
        "eid": 416,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\FileMappingSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:07,728",
        "eid": 417,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\FileMappingSize",
          "content": "131072"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:07,728",
        "eid": 418,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Counter Names",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:07,728",
        "eid": 419,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\.NET CLR Networking\\Performance\\Counter Names",
          "content": "C\\x00o\\x00n\\x00n\\x00e\\x00c\\x00t\\x00i\\x00o\\x00n\\x00s\\x00 \\x00E\\x00s\\x00t\\x00a\\x00b\\x00l\\x00i\\x00s\\x00h\\x00e\\x00d\\x00\\x00\\x00B\\x00y\\x00t\\x00e\\x00s\\x00 \\x00R\\x00e\\x00c\\x00e\\x00i\\x00v\\x00e\\x00d\\x00\\x00\\x00B\\x00y\\x00t\\x00e\\x00s\\x00 \\x00S\\x00e\\x00n\\x00t\\x00\\x00\\x00D\\x00a\\x00t\\x00a\\x00g\\x00r\\x00a\\x00m\\x00s\\x00 \\x00R\\x00e\\x00c\\x00e\\x00i\\x00v\\x00e\\x00d\\x00\\x00\\x00D\\x00a\\x00t\\x00a\\x00g\\x00r\\x00a\\x00m\\x00s\\x00 \\x00S\\x00e\\x00n\\x00t\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:07,947",
        "eid": 420,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Local\\Temp\\dnsapi.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:07,947",
        "eid": 421,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:07,978",
        "eid": 422,
        "data": {
          "file": "dnsapi.dll",
          "pathtofile": null,
          "moduleaddress": "0x71070000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:07,978",
        "eid": 423,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:08,119",
        "eid": 424,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:08,869",
        "eid": 425,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:10,572",
        "eid": 426,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:13,213",
        "eid": 427,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:13,213",
        "eid": 428,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:13,228",
        "eid": 429,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:07:02,947",
        "eid": 430,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:07:16,166",
        "eid": 431,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:56,557",
        "eid": 432,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:56,557",
        "eid": 433,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:56,572",
        "eid": 434,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
          "content": "kernel32.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:56,572",
        "eid": 435,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76ab0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:56,682",
        "eid": 436,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:56,682",
        "eid": 437,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:56,682",
        "eid": 438,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru-RU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:56,682",
        "eid": 439,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru",
          "content": "{0000004A-57EE-1E5C-00B4-D0000BB1E11E}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:56,682",
        "eid": 440,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:56,713",
        "eid": 441,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:56,713",
        "eid": 442,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:56,713",
        "eid": 443,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:56,713",
        "eid": 444,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:56,713",
        "eid": 445,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:56,713",
        "eid": 446,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:56,713",
        "eid": 447,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:59,291",
        "eid": 448,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\taskschd.dll",
          "pathtofile": null,
          "moduleaddress": "0x75180000"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-27 21:05:59,369",
        "eid": 449,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-27 21:05:59,369",
        "eid": 450,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:59,603",
        "eid": 451,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:59,650",
        "eid": 452,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:59,650",
        "eid": 453,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:05:59,650",
        "eid": 454,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableUmpdBufferSizeCheck",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:59,650",
        "eid": 455,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:05:59,650",
        "eid": 456,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-04-27 21:05:59,400",
        "eid": 457,
        "data": {
          "file": "C:\\Windows\\Tasks\\WAN Manager.job"
        }
      },
      {
        "event": "delete",
        "object": "file",
        "timestamp": "2026-04-27 21:06:02,119",
        "eid": 458,
        "data": {
          "file": "C:\\Windows\\Tasks\\WAN Manager Task.job"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:01,866",
        "eid": 459,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:01,866",
        "eid": 460,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\LanguageOverlay\\OverlayPackages\\ru-RU\\Latest",
          "content": "C:\\Program Files\\WindowsApps\\Microsoft.LanguageExperiencePackru-RU_19041.80.272.0_neutral__8wekyb3d8bbwe"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:01,882",
        "eid": 461,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
          "content": "kernel32.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:01,882",
        "eid": 462,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76ab0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:01,944",
        "eid": 463,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:01,944",
        "eid": 464,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:01,944",
        "eid": 465,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru-RU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:01,944",
        "eid": 466,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\ru",
          "content": "{0000004A-57EE-1E5C-00B4-D0000BB1E11E}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:01,944",
        "eid": 467,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:02,007",
        "eid": 468,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:02,007",
        "eid": 469,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:02,007",
        "eid": 470,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:02,007",
        "eid": 471,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:02,007",
        "eid": 472,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:02,007",
        "eid": 473,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:02,007",
        "eid": 474,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:02,069",
        "eid": 475,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\taskschd.dll",
          "pathtofile": null,
          "moduleaddress": "0x75180000"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-27 21:06:02,100",
        "eid": 476,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-04-27 21:06:02,116",
        "eid": 477,
        "data": {
          "file": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:02,179",
        "eid": 478,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:02,225",
        "eid": 479,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:02,225",
        "eid": 480,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-04-27 21:06:02,225",
        "eid": 481,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableUmpdBufferSizeCheck",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:02,225",
        "eid": 482,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-04-27 21:06:02,225",
        "eid": 483,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      }
    ],
    "encryptedbuffers": [
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "Y<&WU\\xc1\\x88\\x1e\\xa5\\xc1\\xe9\\xde&z\\xc6[",
        "crypt_key": "0x00a83938"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "m\\x95\\xfb\\xf0ry\r\\xd06A?#vo\\xb2\\x8e\\xe9O\\x14\\xd2\\x18A\\x1e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\\x18W\\x1c&^\\xbe\n,\\x8fx\\xe2\\xb8\\xf4{\\x8e\\xf6\\xc8\\xd5\\x95\\xcaQ\\x0c\\x99\t\\xe9]\\xff~\\xe1\\xaa\\x00\\x00\\x00\\x00\\x00\\x00",
        "crypt_key": "0x00a82df8"
      },
      {
        "process_name": "sex1.exe",
        "pid": 6648,
        "api_call": "CryptEncrypt",
        "buffer": "\\x94\\x88\\xfa\\xbe\\xa1\\xaf[mN\\x8d\\x12\\xe9\\x806\\xe1\\xe3",
        "crypt_key": "0x00a82df8"
      }
    ],
    "network_map": {
      "endpoint_map": {},
      "http_host_map": {},
      "dns_intents": {},
      "http_requests": [],
      "winhttp_sessions": []
    }
  },
  "debug": {
    "log": "2026-03-05 20:34:39,444 [root] INFO: Date set to: 20260428T00:04:27, timeout set to: 120\n2026-04-28 00:04:27,166 [root] DEBUG: Starting analyzer from: C:\\_g_ewr1x\n2026-04-28 00:04:27,244 [root] DEBUG: Storing results at: C:\\coVEjD\n2026-04-28 00:04:27,275 [root] DEBUG: Pipe server name: \\\\.\\PIPE\\bEKvYdteFZ\n2026-04-28 00:04:27,322 [root] DEBUG: Python path: C:\\Python310\n2026-04-28 00:04:27,369 [root] INFO: analysis running as an admin\n2026-04-28 00:04:27,385 [root] INFO: analysis package specified: \"exe\"\n2026-04-28 00:04:27,385 [root] DEBUG: importing analysis package module: \"modules.packages.exe\"...\n2026-04-28 00:04:27,416 [root] DEBUG: imported analysis package \"exe\"\n2026-04-28 00:04:27,431 [root] DEBUG: initializing analysis package \"exe\"...\n2026-04-28 00:04:27,447 [lib.common.common] INFO: wrapping\n2026-04-28 00:04:27,588 [lib.core.compound] INFO: C:\\Users\\cape\\AppData\\Local\\Temp already exists, skipping creation\n2026-04-28 00:04:27,603 [root] DEBUG: New location of moved file: C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe\n2026-04-28 00:04:27,619 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option\n2026-04-28 00:04:27,619 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option\n2026-04-28 00:04:27,619 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option\n2026-04-28 00:04:27,619 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option\n2026-04-28 00:04:27,760 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.browser\"\n2026-04-28 00:04:28,244 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.digisig\"\n2026-04-28 00:04:28,322 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.disguise\"\n2026-04-28 00:04:28,432 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.human\"\n2026-04-28 00:04:28,510 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'\n2026-04-28 
00:04:28,760 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'\n2026-04-28 00:04:28,885 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'\n2026-04-28 00:04:29,760 [lib.api.screenshot] INFO: Please upgrade Pillow to >= 5.4.1 for best performance\n2026-04-28 00:04:29,775 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.screenshots\"\n2026-04-28 00:04:29,775 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.tlsdump\"\n2026-04-28 00:04:29,775 [root] DEBUG: Initialized auxiliary module \"Browser\"\n2026-04-28 00:04:29,775 [root] DEBUG: attempting to configure 'Browser' from data\n2026-04-28 00:04:29,791 [root] DEBUG: module Browser does not support data configuration, ignoring\n2026-04-28 00:04:29,791 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.browser\"...\n2026-04-28 00:04:29,791 [root] DEBUG: Started auxiliary module modules.auxiliary.browser\n2026-04-28 00:04:29,791 [root] DEBUG: Initialized auxiliary module \"DigiSig\"\n2026-04-28 00:04:29,791 [root] DEBUG: attempting to configure 'DigiSig' from data\n2026-04-28 00:04:29,807 [root] DEBUG: module DigiSig does not support data configuration, ignoring\n2026-04-28 00:04:29,807 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.digisig\"...\n2026-04-28 00:04:29,807 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature\n2026-04-28 00:04:58,182 [modules.auxiliary.digisig] DEBUG: File is not signed\n2026-04-28 00:04:58,182 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json\n2026-04-28 00:04:58,197 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig\n2026-04-28 00:04:58,197 [root] DEBUG: Initialized auxiliary module \"Disguise\"\n2026-04-28 00:04:58,197 [root] DEBUG: attempting to configure 'Disguise' from data\n2026-04-28 00:04:58,197 [root] DEBUG: module Disguise does not support data configuration, ignoring\n2026-04-28 00:04:58,197 [root] DEBUG: Trying to start auxiliary module 
\"modules.auxiliary.disguise\"...\n2026-04-28 00:04:58,244 [modules.auxiliary.disguise] INFO: Disguising GUID to f3037635-6191-4c44-bd96-905f1b4feafd\n2026-04-28 00:04:58,260 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise\n2026-04-28 00:04:58,260 [root] DEBUG: Initialized auxiliary module \"Human\"\n2026-04-28 00:04:58,260 [root] DEBUG: attempting to configure 'Human' from data\n2026-04-28 00:04:58,260 [root] DEBUG: module Human does not support data configuration, ignoring\n2026-04-28 00:04:58,260 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.human\"...\n2026-04-28 00:04:58,275 [root] DEBUG: Started auxiliary module modules.auxiliary.human\n2026-04-28 00:04:58,275 [root] DEBUG: Initialized auxiliary module \"Screenshots\"\n2026-04-28 00:04:58,275 [root] DEBUG: attempting to configure 'Screenshots' from data\n2026-04-28 00:04:58,275 [root] DEBUG: module Screenshots does not support data configuration, ignoring\n2026-04-28 00:04:58,275 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.screenshots\"...\n2026-04-28 00:04:58,325 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots\n2026-04-28 00:04:58,338 [root] DEBUG: Initialized auxiliary module \"TLSDumpMasterSecrets\"\n2026-04-28 00:04:58,432 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data\n2026-04-28 00:04:58,432 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring\n2026-04-28 00:04:58,432 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.tlsdump\"...\n2026-04-28 00:04:58,447 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 644\n2026-04-28 00:04:58,619 [lib.api.process] INFO: Monitor config for <Process 644 lsass.exe>: C:\\_g_ewr1x\\dll\\644.ini\n2026-04-28 00:04:58,619 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor\n2026-04-28 00:04:58,744 [lib.api.process] INFO: 64-bit DLL to inject is C:\\_g_ewr1x\\dll\\wIazzoy.dll, loader 
C:\\_g_ewr1x\\bin\\fSDEQCOs.exe\n2026-04-28 00:04:58,838 [root] DEBUG: Loader: Injecting process 644 with C:\\_g_ewr1x\\dll\\wIazzoy.dll.\n2026-04-28 00:04:59,713 [root] DEBUG: 644: Python path set to 'C:\\Python310'.\n2026-04-28 00:04:59,995 [root] DEBUG: 644: Disabling sleep skipping.\n2026-04-28 00:05:00,057 [root] DEBUG: 644: TLS secret dump mode enabled.\n2026-04-28 00:05:00,385 [root] DEBUG: 644: RtlInsertInvertedFunctionTable 0x00007FFEFE86090E, LdrpInvertedFunctionTableSRWLock 0x00007FFEFE9BD500\n2026-04-28 00:05:00,416 [root] DEBUG: 644: Monitor initialised: 64-bit capemon loaded in process 644 at 0x00007FFEABBA0000, thread 4908, image base 0x00007FF7C23E0000, stack from 0x0000008E4CA72000-0x0000008E4CA80000\n2026-04-28 00:05:00,432 [root] DEBUG: 644: Commandline: C:\\Windows\\system32\\lsass.exe\n2026-04-28 00:05:00,494 [root] DEBUG: 644: Hooked 5 out of 5 functions\n2026-04-28 00:05:00,557 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.\n2026-04-28 00:05:00,682 [root] DEBUG: Successfully injected DLL C:\\_g_ewr1x\\dll\\wIazzoy.dll.\n2026-04-28 00:05:00,698 [lib.api.process] INFO: Injected into 64-bit <Process 644 lsass.exe>\n2026-04-28 00:05:00,698 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump\n2026-04-28 00:05:00,807 [root] DEBUG: 644: TLS 1.2 secrets logged to: C:\\coVEjD\\tlsdump\\tlsdump.log\n2026-04-28 00:05:08,494 [root] INFO: Restarting WMI Service\n2026-04-28 00:05:10,744 [root] DEBUG: package modules.packages.exe does not support configure, ignoring\n2026-04-28 00:05:10,775 [root] WARNING: configuration error for package modules.packages.exe: error importing data.packages.exe: No module named 'data.packages'\n2026-04-28 00:05:10,775 [lib.core.compound] INFO: C:\\Users\\cape\\AppData\\Local\\Temp already exists, skipping creation\n2026-04-28 00:05:10,932 [lib.api.process] INFO: Successfully executed process from path \"C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe\" with 
arguments \"\" with pid 6648\n2026-04-28 00:05:10,932 [lib.api.process] INFO: Monitor config for <Process 6648 sex1.exe>: C:\\_g_ewr1x\\dll\\6648.ini\n2026-04-28 00:05:10,947 [lib.api.process] INFO: 32-bit DLL to inject is C:\\_g_ewr1x\\dll\\zbBXAj.dll, loader C:\\_g_ewr1x\\bin\\oNunBip.exe\n2026-04-28 00:05:11,135 [root] DEBUG: Loader: Injecting process 6648 (thread 6700) with C:\\_g_ewr1x\\dll\\zbBXAj.dll.\n2026-04-28 00:05:11,135 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.\n2026-04-28 00:05:11,135 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.\n2026-04-28 00:05:11,135 [root] DEBUG: Successfully injected DLL C:\\_g_ewr1x\\dll\\zbBXAj.dll.\n2026-04-28 00:05:11,150 [lib.api.process] INFO: Injected into 32-bit <Process 6648 sex1.exe>\n2026-04-28 00:05:13,182 [lib.api.process] INFO: Successfully resumed <Process 6648 sex1.exe>\n2026-04-28 00:05:13,619 [root] DEBUG: 6648: Python path set to 'C:\\Python310'.\n2026-04-28 00:05:13,697 [root] DEBUG: 6648: Disabling sleep skipping.\n2026-04-28 00:05:13,697 [root] DEBUG: 6648: Dropped file limit defaulting to 100.\n2026-04-28 00:05:13,728 [root] DEBUG: 6648: YaraInit: Compiled 44 rule files\n2026-04-28 00:05:13,744 [root] DEBUG: 6648: YaraInit: Compiled rules saved to file C:\\_g_ewr1x\\data\\yara\\capemon.yac\n2026-04-28 00:05:13,744 [root] DEBUG: 6648: YaraScan: Scanning 0x00610000, size 0x1f0\n2026-04-28 00:05:13,744 [root] DEBUG: 6648: Monitor initialised: 32-bit capemon loaded in process 6648 at 0x73ea0000, thread 6700, image base 0x610000, stack from 0x7d2000-0x7e0000\n2026-04-28 00:05:13,761 [root] DEBUG: 6648: Commandline: \"C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe\"\n2026-04-28 00:05:13,900 [root] DEBUG: 6648: hook_api: LdrpCallInitRoutine export address 0x77EB2A40 obtained via GetFunctionAddress\n2026-04-28 00:05:14,010 [root] DEBUG: 6648: hook_api: Warning - SetWindowLongW export address 0x75D45420 differs from GetProcAddress -> 0x750E59E0 
(apphelp.dll::0xff3d59e0)\n2026-04-28 00:05:14,025 [root] DEBUG: 6648: hook_api: Warning - EnumDisplayDevicesA export address 0x75D395A0 differs from GetProcAddress -> 0x750E6780 (apphelp.dll::0xff3d6780)\n2026-04-28 00:05:14,057 [root] DEBUG: 6648: hook_api: Warning - EnumDisplayDevicesW export address 0x75D4FB70 differs from GetProcAddress -> 0x7510E4D0 (apphelp.dll::0xff3fe4d0)\n2026-04-28 00:05:14,072 [root] WARNING: b'Unable to place hook on GetCommandLineA'\n2026-04-28 00:05:14,072 [root] DEBUG: 6648: set_hooks: Unable to hook GetCommandLineA\n2026-04-28 00:05:14,072 [root] WARNING: b'Unable to place hook on GetCommandLineW'\n2026-04-28 00:05:14,089 [root] DEBUG: 6648: set_hooks: Unable to hook GetCommandLineW\n2026-04-28 00:05:14,166 [root] DEBUG: 6648: Hooked 630 out of 632 functions\n2026-04-28 00:05:14,182 [root] DEBUG: 6648: Syscall hook installed, syscall logging level 1\n2026-04-28 00:05:14,197 [root] INFO: Loaded monitor into process with pid 6648\n2026-04-28 00:05:14,307 [root] DEBUG: 6648: DLL loaded at 0x73E10000: C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei (0x8d000 bytes).\n2026-04-28 00:05:14,447 [root] DEBUG: 6648: set_hooks_by_export_directory: Hooked 0 out of 632 functions\n2026-04-28 00:05:14,463 [root] DEBUG: 6648: DLL loaded at 0x75250000: C:\\Windows\\SYSTEM32\\kernel.appcore (0xf000 bytes).\n2026-04-28 00:05:14,463 [root] DEBUG: 6648: DLL loaded at 0x75460000: C:\\Windows\\SYSTEM32\\VERSION (0x8000 bytes).\n2026-04-28 00:05:16,010 [root] DEBUG: 6648: InstrumentationCallback: Added region at 0x76AD24AC (base 0x76AB0000) to tracked regions list (thread 6700).\n2026-04-28 00:05:16,010 [root] DEBUG: 6648: ProcessTrackedRegion: Region at 0x76AB0000 mapped as \\Device\\HarddiskVolume1\\Windows\\SysWOW64\\kernel32.dll is in known range, skipping\n2026-04-28 00:05:16,385 [root] DEBUG: 6648: DLL loaded at 0x73740000: C:\\Windows\\WinSxS\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\\MSVCR80 (0x9b000 
bytes).\n2026-04-28 00:05:16,400 [root] DEBUG: 6648: set_hooks_by_export_directory: Hooked 0 out of 632 functions\n2026-04-28 00:05:16,400 [root] DEBUG: 6648: DLL loaded at 0x737E0000: C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks (0x621000 bytes).\n2026-04-28 00:05:17,698 [root] DEBUG: 6648: AllocationHandler: Adding allocation to tracked region list: 0x0290A000, size: 0x1000.\n2026-04-28 00:05:17,698 [root] DEBUG: 6648: GetEntropy: Error - Supplied address inaccessible: 0x02900000\n2026-04-28 00:05:17,698 [root] DEBUG: 6648: AddTrackedRegion: GetEntropy failed.\n2026-04-28 00:05:17,698 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x02900000.\n2026-04-28 00:05:17,744 [root] DEBUG: 6648: DLL loaded at 0x77590000: C:\\Windows\\System32\\shell32 (0x5b5000 bytes).\n2026-04-28 00:05:17,760 [root] DEBUG: 6648: DLL loaded at 0x756D0000: C:\\Windows\\SYSTEM32\\Wldp (0x27000 bytes).\n2026-04-28 00:05:17,775 [root] DEBUG: 6648: DLL loaded at 0x75700000: C:\\Windows\\SYSTEM32\\windows.storage (0x60d000 bytes).\n2026-04-28 00:05:17,775 [root] DEBUG: 6648: DLL loaded at 0x76F70000: C:\\Windows\\System32\\SHCORE (0x87000 bytes).\n2026-04-28 00:05:18,447 [root] DEBUG: 6648: InstrumentationCallback: Added region at 0x772833EC (base 0x77150000) to tracked regions list (thread 6700).\n2026-04-28 00:05:18,463 [root] DEBUG: 6648: ProcessTrackedRegion: Region at 0x77150000 mapped as \\Device\\HarddiskVolume1\\Windows\\SysWOW64\\KernelBase.dll is in known range, skipping\n2026-04-28 00:05:18,494 [root] DEBUG: 6648: DLL loaded at 0x75260000: C:\\Windows\\SYSTEM32\\profapi (0x18000 bytes).\n2026-04-28 00:05:19,150 [root] DEBUG: 6648: DLL loaded at 0x72C40000: C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\07fedecf3b964c4d26a6ec994226efe4\\mscorlib.ni (0xb00000 bytes).\n2026-04-28 00:05:19,385 [root] DEBUG: 6648: AllocationHandler: Adding allocation to tracked region list: 0x02922000, size: 0x1000.\n2026-04-28 00:05:19,385 
[root] DEBUG: 6648: GetEntropy: Error - Supplied address inaccessible: 0x02920000\n2026-04-28 00:05:19,400 [root] DEBUG: 6648: AddTrackedRegion: GetEntropy failed.\n2026-04-28 00:05:19,807 [root] DEBUG: 6648: DLL loaded at 0x76D80000: C:\\Windows\\System32\\bcryptPrimitives (0x5f000 bytes).\n2026-04-28 00:05:19,807 [root] DEBUG: 6648: DLL loaded at 0x745D0000: C:\\Windows\\system32\\uxtheme (0x74000 bytes).\n2026-04-28 00:05:20,119 [root] DEBUG: 6648: caller_dispatch: Added region at 0x02910000 to tracked regions list (kernel32::SetErrorMode returns to 0x02910626, thread 6700).\n2026-04-28 00:05:20,119 [root] DEBUG: 6648: DumpPEsInRange: Scanning range 0x02910000 - 0x02910FFE.\n2026-04-28 00:05:20,119 [root] DEBUG: 6648: ScanForDisguisedPE: No PE image located in range 0x02910000-0x02910FFE.\n2026-04-28 00:05:20,183 [lib.common.results] INFO: Uploading file C:\\coVEjD\\CAPE\\6648_12552922052127142026 to CAPE\\67a4e4961f92079cfb03d908719e99c6c09b74279b0e37b9d7eea541659f3957; Size is 4094; Max size: 100000000\n2026-04-28 00:05:20,183 [root] DEBUG: 6648: DumpMemory: Payload successfully created: C:\\coVEjD\\CAPE\\6648_12552922052127142026 (size 4094 bytes)\n2026-04-28 00:05:20,199 [root] DEBUG: 6648: DumpRegion: Dumped entire allocation from 0x02910000, size 4096 bytes.\n2026-04-28 00:05:20,199 [root] DEBUG: 6648: ProcessTrackedRegion: Dumped region at 0x02910000.\n2026-04-28 00:05:20,213 [root] DEBUG: 6648: YaraScan: Scanning 0x02910000, size 0xffe\n2026-04-28 00:05:20,213 [root] DEBUG: 6648: ReverseScanForNonZero: Error - Supplied size zero.\n2026-04-28 00:05:20,263 [lib.common.results] INFO: Uploading file C:\\coVEjD\\CAPE\\6648_16854692052127142026 to CAPE\\157b063a2a5ecda11353d506c46d65fac9350decc6f97df21fb48dc66a8a4c99; Size is 354; Max size: 100000000\n2026-04-28 00:05:20,291 [root] DEBUG: 6648: DumpMemory: Payload successfully created: C:\\coVEjD\\CAPE\\6648_16854692052127142026 (size 354 bytes)\n2026-04-28 00:05:20,291 [root] DEBUG: 6648: DumpRegion: Dumped 
region at 0x0290A000, size 4096 bytes.\n2026-04-28 00:05:20,308 [root] DEBUG: 6648: ProcessTrackedRegion: Dumped region at 0x0290A000.\n2026-04-28 00:05:20,308 [root] DEBUG: 6648: ReverseScanForNonZero: Error - Supplied address inaccessible: 0x02900FFF\n2026-04-28 00:05:20,324 [root] DEBUG: 6648: YaraScan: Nothing to scan at 0x0290A000!\n2026-04-28 00:05:20,588 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x02920000.\n2026-04-28 00:05:20,713 [root] DEBUG: 6648: AllocationHandler: Adding allocation to tracked region list: 0x0408B000, size: 0x1000.\n2026-04-28 00:05:20,730 [root] DEBUG: 6648: GetEntropy: Error - Supplied address inaccessible: 0x04080000\n2026-04-28 00:05:20,744 [root] DEBUG: 6648: AddTrackedRegion: GetEntropy failed.\n2026-04-28 00:05:20,744 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x04080000.\n2026-04-28 00:05:21,541 [root] DEBUG: 6648: DLL loaded at 0x72490000: C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\c60dd1ee843ba8ff9ee7edcd6302393b\\System.ni (0x7a8000 bytes).\n2026-04-28 00:05:22,073 [root] DEBUG: 6648: DLL loaded at 0x72300000: C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Drawing\\a03dd8871929955c680232682c9464a0\\System.Drawing.ni (0x189000 bytes).\n2026-04-28 00:05:22,338 [root] DEBUG: 6648: DLL loaded at 0x71720000: C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Windows.Forms\\194e1e92bfae5396086518c2ec0a0f74\\System.Windows.Forms.ni (0xbe0000 bytes).\n2026-04-28 00:05:22,557 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x02920000.\n2026-04-28 00:05:22,666 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x02920000.\n2026-04-28 00:05:22,697 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x02920000.\n2026-04-28 00:05:22,697 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 
0x02920000.\n2026-04-28 00:05:22,807 [root] DEBUG: 6648: ProcessTrackedRegion: Region at 0x76AB0000 mapped as \\Device\\HarddiskVolume1\\Windows\\SysWOW64\\kernel32.dll is in known range, skipping\n2026-04-28 00:05:22,900 [root] DEBUG: 6648: DLL loaded at 0x716C0000: C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorjit (0x5b000 bytes).\n2026-04-28 00:05:23,729 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x02920000.\n2026-04-28 00:05:24,057 [root] DEBUG: 6648: AllocationHandler: Adding allocation to tracked region list: 0x051E0000, size: 0x1000.\n2026-04-28 00:05:24,072 [root] DEBUG: 6648: AddTrackedRegion: GetEntropy failed.\n2026-04-28 00:05:24,916 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x02920000.\n2026-04-28 00:05:25,510 [root] DEBUG: 6648: DumpPEsInRange: Scanning range 0x051E0000 - 0x051E0564.\n2026-04-28 00:05:25,541 [root] DEBUG: 6648: ScanForDisguisedPE: Size too small: 0x564 bytes\n2026-04-28 00:05:25,588 [lib.common.results] INFO: Uploading file C:\\coVEjD\\CAPE\\6648_83059732552127142026 to CAPE\\7902243f3a376bfaa57345f4323c5ae18f5f180ad0fd75395f6a3344bab889d5; Size is 1380; Max size: 100000000\n2026-04-28 00:05:25,619 [root] DEBUG: 6648: DumpMemory: Payload successfully created: C:\\coVEjD\\CAPE\\6648_83059732552127142026 (size 1380 bytes)\n2026-04-28 00:05:25,650 [root] DEBUG: 6648: DumpRegion: Dumped entire allocation from 0x051E0000, size 4096 bytes.\n2026-04-28 00:05:25,713 [root] DEBUG: 6648: ProcessTrackedRegion: Dumped region at 0x051E0000.\n2026-04-28 00:05:25,728 [root] DEBUG: 6648: YaraScan: Scanning 0x051E0000, size 0x564\n2026-04-28 00:05:25,760 [root] DEBUG: 6648: AllocationHandler: Adding allocation to tracked region list: 0x7F6C0000, size: 0x50000.\n2026-04-28 00:05:25,760 [root] DEBUG: 6648: GetEntropy: Error - Supplied address inaccessible: 0x7F6C0000\n2026-04-28 00:05:25,775 [root] DEBUG: 6648: AddTrackedRegion: GetEntropy failed.\n2026-04-28 
00:05:25,791 [root] DEBUG: 6648: AllocationHandler: Processing previous tracked region at: 0x051E0000.\n2026-04-28 00:05:25,807 [root] DEBUG: 6648: ProcessTrackedRegion: Updated entropy for tracked region at 0x051E0000: 2.795399e+00 (from 0.000000e+00)\n2026-04-28 00:05:25,838 [root] DEBUG: 6648: DumpPEsInRange: Scanning range 0x051E0000 - 0x051E0564.\n2026-04-28 00:05:25,854 [root] DEBUG: 6648: ScanForDisguisedPE: Size too small: 0x564 bytes\n2026-04-28 00:05:25,869 [lib.common.results] INFO: Uploading file C:\\coVEjD\\CAPE\\6648_253945442552127142026 to CAPE\\7902243f3a376bfaa57345f4323c5ae18f5f180ad0fd75395f6a3344bab889d5; Size is 1380; Max size: 100000000\n2026-04-28 00:05:25,916 [root] DEBUG: 6648: DumpMemory: Payload successfully created: C:\\coVEjD\\CAPE\\6648_253945442552127142026 (size 1380 bytes)\n2026-04-28 00:05:26,119 [root] DEBUG: 6648: DumpRegion: Dumped entire allocation from 0x051E0000, size 4096 bytes.\n2026-04-28 00:05:26,135 [root] DEBUG: 6648: ProcessTrackedRegion: Dumped region at 0x051E0000.\n2026-04-28 00:05:26,150 [root] DEBUG: 6648: YaraScan: Scanning 0x051E0000, size 0x564\n2026-04-28 00:05:26,150 [root] DEBUG: 6648: AllocationHandler: Memory region (size 0x50000) reserved but not committed at 0x7F6C0000.\n2026-04-28 00:05:26,166 [root] DEBUG: 6648: AllocationHandler: Previously reserved region at 0x7F6C0000, committing at: 0x7F6C0000.\n2026-04-28 00:05:26,166 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x7F6C0000.\n2026-04-28 00:05:26,182 [root] DEBUG: 6648: AllocationHandler: Adding allocation to tracked region list: 0x7F6B0000, size: 0x10000.\n2026-04-28 00:05:26,182 [root] DEBUG: 6648: GetEntropy: Error - Supplied address inaccessible: 0x7F6B0000\n2026-04-28 00:05:26,260 [root] DEBUG: 6648: AddTrackedRegion: GetEntropy failed.\n2026-04-28 00:05:26,322 [root] DEBUG: 6648: AllocationHandler: Processing previous tracked region at: 0x7F6C0000.\n2026-04-28 00:05:26,338 [root] DEBUG: 6648: 
DumpPEsInRange: Scanning range 0x7F6C0000 - 0x7F6C002C.\n2026-04-28 00:05:26,369 [root] DEBUG: 6648: ScanForDisguisedPE: Size too small: 0x2c bytes\n2026-04-28 00:05:26,525 [lib.common.results] INFO: Uploading file C:\\coVEjD\\CAPE\\6648_36200322652127142026 to CAPE\\6a4a38c4482e414c906feff2bcb47d46b8ed525c6b88eff38080f494a7163a1b; Size is 44; Max size: 100000000\n2026-04-28 00:05:26,557 [root] DEBUG: 6648: DumpMemory: Payload successfully created: C:\\coVEjD\\CAPE\\6648_36200322652127142026 (size 44 bytes)\n2026-04-28 00:05:26,557 [root] DEBUG: 6648: DumpRegion: Dumped entire allocation from 0x7F6C0000, size 4096 bytes.\n2026-04-28 00:05:26,572 [root] DEBUG: 6648: ProcessTrackedRegion: Dumped region at 0x7F6C0000.\n2026-04-28 00:05:26,588 [root] DEBUG: 6648: YaraScan: Scanning 0x7F6C0000, size 0x2c\n2026-04-28 00:05:26,603 [root] DEBUG: 6648: AllocationHandler: Memory region (size 0x10000) reserved but not committed at 0x7F6B0000.\n2026-04-28 00:05:26,619 [root] DEBUG: 6648: AllocationHandler: Previously reserved region at 0x7F6B0000, committing at: 0x7F6B0000.\n2026-04-28 00:05:28,182 [root] DEBUG: 6648: AllocationHandler: Adding allocation to tracked region list: 0x0407A000, size: 0x1000.\n2026-04-28 00:05:30,947 [root] DEBUG: 6648: AllocationHandler: Adding allocation to tracked region list: 0x0293A000, size: 0x1000.\n2026-04-28 00:05:30,963 [root] DEBUG: 6648: GetEntropy: Error - Supplied address inaccessible: 0x02930000\n2026-04-28 00:05:30,994 [root] DEBUG: 6648: AddTrackedRegion: GetEntropy failed.\n2026-04-28 00:05:31,010 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x02930000.\n2026-04-28 00:05:32,510 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x02900000.\n2026-04-28 00:05:33,369 [root] DEBUG: 6648: ProcessTrackedRegion: Region at 0x76AB0000 mapped as \\Device\\HarddiskVolume1\\Windows\\SysWOW64\\kernel32.dll is in known range, skipping\n2026-04-28 00:05:34,322 [root] DEBUG: 6648: 
DLL loaded at 0x76BA0000: C:\\Windows\\System32\\MSCTF (0xd4000 bytes).\n2026-04-28 00:05:35,229 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x02930000.\n2026-04-28 00:05:36,791 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x02920000.\n2026-04-28 00:05:39,025 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x02920000.\n2026-04-28 00:05:39,886 [root] DEBUG: 6648: DLL loaded at 0x75280000: C:\\Windows\\SYSTEM32\\CRYPTSP (0x13000 bytes).\n2026-04-28 00:05:39,900 [root] DEBUG: 6648: DLL loaded at 0x74C10000: C:\\Windows\\system32\\rsaenh (0x2f000 bytes).\n2026-04-28 00:05:39,900 [root] DEBUG: 6648: AllocationHandler: Adding allocation to tracked region list: 0x077F0000, size: 0x1000.\n2026-04-28 00:05:39,900 [root] DEBUG: 6648: AddTrackedRegion: GetEntropy failed.\n2026-04-28 00:05:40,510 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x051E0000.\n2026-04-28 00:05:40,807 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x04080000.\n2026-04-28 00:05:42,900 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x051E0000.\n2026-04-28 00:05:43,557 [root] DEBUG: 6648: AllocationHandler: Adding allocation to tracked region list: 0x07800000, size: 0x1000.\n2026-04-28 00:05:43,572 [root] DEBUG: 6648: AddTrackedRegion: GetEntropy failed.\n2026-04-28 00:05:44,057 [root] DEBUG: 6648: AllocationHandler: Adding allocation to tracked region list: 0x079B1000, size: 0x1000.\n2026-04-28 00:05:45,057 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x079B0000.\n2026-04-28 00:05:45,776 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x079B0000.\n2026-04-28 00:05:45,791 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x079B0000.\n2026-04-28 00:05:45,791 [root] DEBUG: 6648: 
AllocationHandler: Allocation already in tracked region list: 0x079B0000.\n2026-04-28 00:05:45,807 [root] DEBUG: 6648: AllocationHandler: Adding allocation to tracked region list: 0x07810000, size: 0x8000.\n2026-04-28 00:05:45,807 [root] DEBUG: 6648: GetEntropy: Error - Supplied address inaccessible: 0x07810000\n2026-04-28 00:05:45,807 [root] DEBUG: 6648: AddTrackedRegion: GetEntropy failed.\n2026-04-28 00:05:45,822 [root] DEBUG: 6648: AllocationHandler: Processing previous tracked region at: 0x079B0000.\n2026-04-28 00:05:45,822 [root] DEBUG: 6648: DumpPEsInRange: Scanning range 0x079B0000 - 0x079B7FFE.\n2026-04-28 00:05:45,822 [root] DEBUG: 6648: ScanForDisguisedPE: No PE image located in range 0x079B0000-0x079B7FFE.\n2026-04-28 00:05:45,838 [lib.common.results] INFO: Uploading file C:\\coVEjD\\CAPE\\6648_219745264552127142026 to CAPE\\c53c9857218e56767da2dc2ef8fb81c512704e4023339b58d91ba52cdf903dca; Size is 32766; Max size: 100000000\n2026-04-28 00:05:45,838 [root] DEBUG: 6648: DumpMemory: Payload successfully created: C:\\coVEjD\\CAPE\\6648_219745264552127142026 (size 32766 bytes)\n2026-04-28 00:05:45,838 [root] DEBUG: 6648: DumpRegion: Dumped entire allocation from 0x079B0000, size 32768 bytes.\n2026-04-28 00:05:45,853 [root] DEBUG: 6648: ProcessTrackedRegion: Dumped region at 0x079B0000.\n2026-04-28 00:05:45,853 [root] DEBUG: 6648: YaraScan: Scanning 0x079B0000, size 0x7ffe\n2026-04-28 00:05:45,853 [root] DEBUG: 6648: AllocationHandler: Memory region (size 0x8000) reserved but not committed at 0x07810000.\n2026-04-28 00:05:45,853 [root] DEBUG: 6648: AllocationHandler: Previously reserved region at 0x07810000, committing at: 0x07810000.\n2026-04-28 00:05:46,166 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x079B0000.\n2026-04-28 00:05:46,166 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x079B0000.\n2026-04-28 00:05:47,338 [root] DEBUG: 6648: AllocationHandler: Allocation already in 
tracked region list: 0x051E0000.\n2026-04-28 00:05:48,525 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x051E0000.\n2026-04-28 00:05:48,853 [root] DEBUG: 6648: DumpPEsInRange: Scanning range 0x077F0000 - 0x077F020C.\n2026-04-28 00:05:48,853 [root] DEBUG: 6648: ScanForDisguisedPE: Size too small: 0x20c bytes\n2026-04-28 00:05:48,869 [lib.common.results] INFO: Uploading file C:\\coVEjD\\CAPE\\6648_187460684852127142026 to CAPE\\5131cc93670f51e88960065f7bb8df32f8381db790c5a1ab3de61f19dec14c5f; Size is 524; Max size: 100000000\n2026-04-28 00:05:48,885 [root] DEBUG: 6648: DumpMemory: Payload successfully created: C:\\coVEjD\\CAPE\\6648_187460684852127142026 (size 524 bytes)\n2026-04-28 00:05:48,995 [root] DEBUG: 6648: DumpRegion: Dumped entire allocation from 0x077F0000, size 4096 bytes.\n2026-04-28 00:05:48,995 [root] DEBUG: 6648: ProcessTrackedRegion: Dumped region at 0x077F0000.\n2026-04-28 00:05:48,995 [root] DEBUG: 6648: YaraScan: Scanning 0x077F0000, size 0x20c\n2026-04-28 00:05:49,744 [root] DEBUG: 6648: DLL loaded at 0x71650000: C:\\Windows\\SYSTEM32\\shfolder (0x6000 bytes).\n2026-04-28 00:05:50,088 [root] INFO: Added new file to list with pid 6648 and path C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\run.dat\n2026-04-28 00:05:50,104 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x051E0000.\n2026-04-28 00:05:50,104 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x07800000.\n2026-04-28 00:05:50,510 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x04070000.\n2026-04-28 00:05:50,525 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x04070000.\n2026-04-28 00:05:50,572 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x02920000.\n2026-04-28 00:05:50,838 [root] DEBUG: 6648: DLL loaded at 0x71620000: C:\\Windows\\SYSTEM32\\ntmarta 
(0x29000 bytes).\n2026-04-28 00:05:50,838 [root] INFO: Added new file to list with pid 6648 and path C:\\Program Files (x86)\\WAN Manager\\wanmgr.exe\n2026-04-28 00:05:51,463 [root] DEBUG: 6648: ProcessTrackedRegion: Region at 0x76AB0000 mapped as \\Device\\HarddiskVolume1\\Windows\\SysWOW64\\kernel32.dll is in known range, skipping\n2026-04-28 00:05:51,463 [root] DEBUG: 6648: DLL loaded at 0x71610000: C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\culture (0x8000 bytes).\n2026-04-28 00:05:52,244 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x051E0000.\n2026-04-28 00:05:52,276 [root] DEBUG: 6648: AllocationHandler: Adding allocation to tracked region list: 0x07B00000, size: 0x100000.\n2026-04-28 00:05:52,291 [root] DEBUG: 6648: GetEntropy: Error - Supplied address inaccessible: 0x07B00000\n2026-04-28 00:05:52,307 [root] DEBUG: 6648: AddTrackedRegion: GetEntropy failed.\n2026-04-28 00:05:52,307 [root] DEBUG: 6648: AllocationHandler: Processing previous tracked region at: 0x07810000.\n2026-04-28 00:05:52,326 [root] DEBUG: 6648: DumpPEsInRange: Scanning range 0x07810000 - 0x078108C9.\n2026-04-28 00:05:52,326 [root] DEBUG: 6648: ScanForDisguisedPE: No PE image located in range 0x07810000-0x078108C9.\n2026-04-28 00:05:52,340 [lib.common.results] INFO: Uploading file C:\\coVEjD\\CAPE\\6648_77216365252127142026 to CAPE\\93da0626e38b0f52be088e4e0960b629ba52a39a2ca07e32b131a24d489d513d; Size is 2249; Max size: 100000000\n2026-04-28 00:05:52,340 [root] DEBUG: 6648: DumpMemory: Payload successfully created: C:\\coVEjD\\CAPE\\6648_77216365252127142026 (size 2249 bytes)\n2026-04-28 00:05:52,340 [root] DEBUG: 6648: DumpRegion: Dumped entire allocation from 0x07810000, size 4096 bytes.\n2026-04-28 00:05:52,354 [root] DEBUG: 6648: ProcessTrackedRegion: Dumped region at 0x07810000.\n2026-04-28 00:05:52,354 [root] DEBUG: 6648: YaraScan: Scanning 0x07810000, size 0x8c9\n2026-04-28 00:05:52,354 [root] DEBUG: 6648: AllocationHandler: Memory 
region (size 0x100000) reserved but not committed at 0x07B00000.\n2026-04-28 00:05:52,372 [root] DEBUG: 6648: AllocationHandler: Previously reserved region at 0x07B00000, committing at: 0x07B00000.\n2026-04-28 00:05:52,994 [root] DEBUG: 6648: ProcessTrackedRegion: Region at 0x76AB0000 mapped as \\Device\\HarddiskVolume1\\Windows\\SysWOW64\\kernel32.dll is in known range, skipping\n2026-04-28 00:05:53,041 [root] DEBUG: 6648: DLL loaded at 0x71590000: C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\diasymreader (0x8d000 bytes).\n2026-04-28 00:05:54,510 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x02900000.\n2026-04-28 00:05:54,541 [root] INFO: Added new file to list with pid 6648 and path C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp\n2026-04-28 00:05:55,635 [root] DEBUG: 6648: CreateProcessHandler: Injection info set for new process 3884: C:\\Windows\\SYSTEM32\\schtasks.exe, ImageBase: 0x009E0000\n2026-04-28 00:05:55,635 [root] INFO: Announced 32-bit process name: schtasks.exe pid: 3884\n2026-04-28 00:05:55,635 [lib.api.process] INFO: Monitor config for <Process 3884 schtasks.exe>: C:\\_g_ewr1x\\dll\\3884.ini\n2026-04-28 00:05:55,650 [lib.api.process] INFO: 32-bit DLL to inject is C:\\_g_ewr1x\\dll\\zbBXAj.dll, loader C:\\_g_ewr1x\\bin\\oNunBip.exe\n2026-04-28 00:05:55,682 [root] DEBUG: Loader: Injecting process 3884 (thread 1828) with C:\\_g_ewr1x\\dll\\zbBXAj.dll.\n2026-04-28 00:05:55,760 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-04-28 00:05:55,775 [root] DEBUG: Successfully injected DLL C:\\_g_ewr1x\\dll\\zbBXAj.dll.\n2026-04-28 00:05:55,775 [lib.api.process] INFO: Injected into 32-bit <Process 3884 schtasks.exe>\n2026-04-28 00:05:55,807 [root] DEBUG: 6648: ProcessTrackedRegion: Region at 0x77150000 mapped as \\Device\\HarddiskVolume1\\Windows\\SysWOW64\\KernelBase.dll is in known range, skipping\n2026-04-28 00:05:56,197 [root] DEBUG: 3884: Python path set to 'C:\\Python310'.\n2026-04-28 
00:05:56,197 [root] DEBUG: 3884: Disabling sleep skipping.\n2026-04-28 00:05:56,197 [root] DEBUG: 3884: Dropped file limit defaulting to 100.\n2026-04-28 00:05:56,244 [root] DEBUG: 3884: YaraInit: Compiled rules loaded from existing file C:\\_g_ewr1x\\data\\yara\\capemon.yac\n2026-04-28 00:05:56,260 [root] DEBUG: 3884: YaraScan: Scanning 0x009E0000, size 0x3198c\n2026-04-28 00:05:56,260 [root] DEBUG: 3884: Monitor initialised: 32-bit capemon loaded in process 3884 at 0x73ea0000, thread 1828, image base 0x9e0000, stack from 0x2ae4000-0x2af0000\n2026-04-28 00:05:56,260 [root] DEBUG: 3884: Commandline: \"schtasks.exe\" /create /f /tn \"WAN Manager\" /xml \"C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp\"\n2026-04-28 00:05:56,369 [root] DEBUG: 3884: hook_api: LdrpCallInitRoutine export address 0x77EB2A40 obtained via GetFunctionAddress\n2026-04-28 00:05:56,447 [root] WARNING: b'Unable to place hook on GetCommandLineA'\n2026-04-28 00:05:56,463 [root] DEBUG: 3884: set_hooks: Unable to hook GetCommandLineA\n2026-04-28 00:05:56,482 [root] WARNING: b'Unable to place hook on GetCommandLineW'\n2026-04-28 00:05:56,482 [root] DEBUG: 3884: set_hooks: Unable to hook GetCommandLineW\n2026-04-28 00:05:56,510 [root] DEBUG: 3884: Hooked 630 out of 632 functions\n2026-04-28 00:05:56,510 [root] DEBUG: 3884: Syscall hook installed, syscall logging level 1\n2026-04-28 00:05:56,526 [root] DEBUG: 3884: RestoreHeaders: Restored original import table.\n2026-04-28 00:05:56,526 [root] INFO: Loaded monitor into process with pid 3884\n2026-04-28 00:05:56,541 [root] DEBUG: 3884: caller_dispatch: Added region at 0x009E0000 to tracked regions list (ntdll::NtAllocateVirtualMemory returns to 0x00A0022A, thread 1828).\n2026-04-28 00:05:56,541 [root] DEBUG: 3884: YaraScan: Scanning 0x009E0000, size 0x3198c\n2026-04-28 00:05:56,558 [root] DEBUG: 3884: ProcessImageBase: Main module image at 0x009E0000 unmodified (entropy change 0.000000e+00)\n2026-04-28 00:05:56,650 [root] DEBUG: 3884: 
InstrumentationCallback: Added region at 0x772833EC (base 0x77150000) to tracked regions list (thread 1828).\n2026-04-28 00:05:56,666 [root] DEBUG: 3884: ProcessTrackedRegion: Region at 0x77150000 mapped as \\Device\\HarddiskVolume1\\Windows\\SysWOW64\\KernelBase.dll is in known range, skipping\n2026-04-28 00:05:56,697 [root] DEBUG: 3884: set_hooks_by_export_directory: Hooked 0 out of 632 functions\n2026-04-28 00:05:56,713 [root] DEBUG: 3884: DLL loaded at 0x75250000: C:\\Windows\\SYSTEM32\\kernel.appcore (0xf000 bytes).\n2026-04-28 00:05:56,713 [root] DEBUG: 3884: DLL loaded at 0x76D80000: C:\\Windows\\System32\\bcryptPrimitives (0x5f000 bytes).\n2026-04-28 00:05:56,730 [root] INFO: Stopping Task Scheduler Service\n2026-04-28 00:05:56,808 [root] INFO: Stopped Task Scheduler Service\n2026-04-28 00:05:56,838 [root] INFO: Starting Task Scheduler Service\n2026-04-28 00:05:56,947 [root] INFO: Started Task Scheduler Service\n2026-04-28 00:05:56,947 [lib.api.process] INFO: Monitor config for <Process 1052 svchost.exe>: C:\\_g_ewr1x\\dll\\1052.ini\n2026-04-28 00:05:57,010 [lib.api.process] INFO: 64-bit DLL to inject is C:\\_g_ewr1x\\dll\\wIazzoy.dll, loader C:\\_g_ewr1x\\bin\\fSDEQCOs.exe\n2026-04-28 00:05:57,041 [root] DEBUG: Loader: Injecting process 1052 with C:\\_g_ewr1x\\dll\\wIazzoy.dll.\n2026-04-28 00:05:57,041 [root] DEBUG: 1052: Python path set to 'C:\\Python310'.\n2026-04-28 00:05:57,041 [root] DEBUG: 1052: Disabling sleep skipping.\n2026-04-28 00:05:57,057 [root] DEBUG: 1052: Dropped file limit defaulting to 100.\n2026-04-28 00:05:57,057 [root] DEBUG: 1052: Services hook set enabled\n2026-04-28 00:05:57,057 [root] DEBUG: 1052: YaraInit: Compiled rules loaded from existing file C:\\_g_ewr1x\\data\\yara\\capemon.yac\n2026-04-28 00:05:57,104 [root] DEBUG: 1052: RtlInsertInvertedFunctionTable 0x00007FFEFE86090E, LdrpInvertedFunctionTableSRWLock 0x00007FFEFE9BD500\n2026-04-28 00:05:57,104 [root] DEBUG: 1052: Monitor initialised: 64-bit capemon loaded in process 1052 
at 0x00007FFEABBA0000, thread 852, image base 0x00007FF7AB6E0000, stack from 0x0000005367074000-0x0000005367080000\n2026-04-28 00:05:57,104 [root] DEBUG: 1052: Commandline: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule\n2026-04-28 00:05:57,182 [root] DEBUG: 1052: Hooked 69 out of 69 functions\n2026-04-28 00:05:57,228 [root] INFO: Loaded monitor into process with pid 1052\n2026-04-28 00:05:57,228 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.\n2026-04-28 00:05:57,228 [root] DEBUG: Successfully injected DLL C:\\_g_ewr1x\\dll\\wIazzoy.dll.\n2026-04-28 00:05:57,244 [lib.api.process] INFO: Injected into 64-bit <Process 1052 svchost.exe>\n2026-04-28 00:05:59,260 [root] DEBUG: 3884: DLL loaded at 0x77400000: C:\\Windows\\System32\\clbcatq (0x7e000 bytes).\n2026-04-28 00:05:59,275 [root] DEBUG: 3884: DLL loaded at 0x75180000: C:\\Windows\\System32\\taskschd (0x7d000 bytes).\n2026-04-28 00:05:59,291 [root] DEBUG: 3884: DEBUG:Initialized 9 com hooks\n2026-04-28 00:05:59,603 [root] DEBUG: 3884: NtTerminateProcess hook: Attempting to dump process 3884\n2026-04-28 00:05:59,635 [root] DEBUG: 3884: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-04-28 00:05:59,697 [root] INFO: Process with pid 3884 has terminated\n2026-04-28 00:05:59,791 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x077F0000.\n2026-04-28 00:05:59,822 [lib.common.results] INFO: Uploading file C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp to files\\4931757751d7c9d49e74bf11f86be68591998ab3608b8a0d8cca6b531f1451a6; Size is 1304; Max size: 100000000\n2026-04-28 00:06:00,088 [root] INFO: Added new file to list with pid 6648 and path C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\task.dat\n2026-04-28 00:06:00,385 [root] INFO: Added new file to list with pid 6648 and path C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp\n2026-04-28 00:06:00,400 [root] DEBUG: 
6648: CreateProcessHandler: Injection info set for new process 3200: C:\\Windows\\SYSTEM32\\schtasks.exe, ImageBase: 0x009E0000\n2026-04-28 00:06:00,432 [root] INFO: Announced 32-bit process name: schtasks.exe pid: 3200\n2026-04-28 00:06:00,486 [lib.api.process] INFO: Monitor config for <Process 3200 schtasks.exe>: C:\\_g_ewr1x\\dll\\3200.ini\n2026-04-28 00:06:00,574 [lib.api.process] INFO: 32-bit DLL to inject is C:\\_g_ewr1x\\dll\\zbBXAj.dll, loader C:\\_g_ewr1x\\bin\\oNunBip.exe\n2026-04-28 00:06:00,667 [root] DEBUG: Loader: Injecting process 3200 (thread 7412) with C:\\_g_ewr1x\\dll\\zbBXAj.dll.\n2026-04-28 00:06:00,701 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.\n2026-04-28 00:06:00,802 [root] DEBUG: Successfully injected DLL C:\\_g_ewr1x\\dll\\zbBXAj.dll.\n2026-04-28 00:06:00,870 [lib.api.process] INFO: Injected into 32-bit <Process 3200 schtasks.exe>\n2026-04-28 00:06:00,952 [root] DEBUG: 6648: ProcessTrackedRegion: Region at 0x77150000 mapped as \\Device\\HarddiskVolume1\\Windows\\SysWOW64\\KernelBase.dll is in known range, skipping\n2026-04-28 00:06:01,101 [root] DEBUG: 3200: Python path set to 'C:\\Python310'.\n2026-04-28 00:06:01,121 [root] DEBUG: 3200: Dropped file limit defaulting to 100.\n2026-04-28 00:06:01,155 [root] DEBUG: 3200: Disabling sleep skipping.\n2026-04-28 00:06:01,180 [root] DEBUG: 3200: YaraInit: Compiled rules loaded from existing file C:\\_g_ewr1x\\data\\yara\\capemon.yac\n2026-04-28 00:06:01,264 [root] DEBUG: 3200: YaraScan: Scanning 0x009E0000, size 0x3198c\n2026-04-28 00:06:01,299 [root] DEBUG: 3200: Monitor initialised: 32-bit capemon loaded in process 3200 at 0x73ea0000, thread 7412, image base 0x9e0000, stack from 0x2f35000-0x2f40000\n2026-04-28 00:06:01,320 [root] DEBUG: 3200: Commandline: \"schtasks.exe\" /create /f /tn \"WAN Manager Task\" /xml \"C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp\"\n2026-04-28 00:06:01,550 [root] DEBUG: 3200: hook_api: LdrpCallInitRoutine export address 0x77EB2A40 obtained via 
GetFunctionAddress\n2026-04-28 00:06:01,649 [root] WARNING: b'Unable to place hook on GetCommandLineA'\n2026-04-28 00:06:01,669 [root] DEBUG: 3200: set_hooks: Unable to hook GetCommandLineA\n2026-04-28 00:06:01,683 [root] WARNING: b'Unable to place hook on GetCommandLineW'\n2026-04-28 00:06:01,694 [root] DEBUG: 3200: set_hooks: Unable to hook GetCommandLineW\n2026-04-28 00:06:01,728 [root] DEBUG: 3200: Hooked 630 out of 632 functions\n2026-04-28 00:06:01,751 [root] DEBUG: 3200: Syscall hook installed, syscall logging level 1\n2026-04-28 00:06:01,772 [root] DEBUG: 3200: RestoreHeaders: Restored original import table.\n2026-04-28 00:06:01,775 [root] INFO: Loaded monitor into process with pid 3200\n2026-04-28 00:06:01,796 [root] DEBUG: 3200: caller_dispatch: Added region at 0x009E0000 to tracked regions list (ntdll::NtAllocateVirtualMemory returns to 0x00A0022A, thread 7412).\n2026-04-28 00:06:01,843 [root] DEBUG: 3200: YaraScan: Scanning 0x009E0000, size 0x3198c\n2026-04-28 00:06:01,855 [root] DEBUG: 3200: ProcessImageBase: Main module image at 0x009E0000 unmodified (entropy change 0.000000e+00)\n2026-04-28 00:06:01,936 [root] DEBUG: 3200: InstrumentationCallback: Added region at 0x772833EC (base 0x77150000) to tracked regions list (thread 7412).\n2026-04-28 00:06:01,938 [root] DEBUG: 3200: ProcessTrackedRegion: Region at 0x77150000 mapped as \\Device\\HarddiskVolume1\\Windows\\SysWOW64\\KernelBase.dll is in known range, skipping\n2026-04-28 00:06:01,961 [root] DEBUG: 3200: set_hooks_by_export_directory: Hooked 0 out of 632 functions\n2026-04-28 00:06:01,970 [root] DEBUG: 3200: DLL loaded at 0x75250000: C:\\Windows\\SYSTEM32\\kernel.appcore (0xf000 bytes).\n2026-04-28 00:06:01,996 [root] DEBUG: 3200: DLL loaded at 0x76D80000: C:\\Windows\\System32\\bcryptPrimitives (0x5f000 bytes).\n2026-04-28 00:06:02,042 [root] DEBUG: 3200: DLL loaded at 0x77400000: C:\\Windows\\System32\\clbcatq (0x7e000 bytes).\n2026-04-28 00:06:02,062 [root] DEBUG: 3200: DLL loaded at 
0x75180000: C:\\Windows\\System32\\taskschd (0x7d000 bytes).\n2026-04-28 00:06:02,065 [root] DEBUG: 3200: DEBUG:Initialized 9 com hooks\n2026-04-28 00:06:02,192 [root] DEBUG: 3200: NtTerminateProcess hook: Attempting to dump process 3200\n2026-04-28 00:06:02,206 [root] DEBUG: 3200: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-04-28 00:06:02,262 [root] INFO: Process with pid 3200 has terminated\n2026-04-28 00:06:02,311 [lib.common.results] INFO: Uploading file C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp to files\\067d3f5167cab2ea4e76f59386df4eaf49c6008f6451e1971274a938ad7bcf44; Size is 1308; Max size: 100000000\n2026-04-28 00:06:02,468 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x07800000.\n2026-04-28 00:06:02,562 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x051E0000.\n2026-04-28 00:06:02,699 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x07800000.\n2026-04-28 00:06:02,744 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x051E0000.\n2026-04-28 00:06:03,146 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x07800000.\n2026-04-28 00:06:03,250 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x051E0000.\n2026-04-28 00:06:03,283 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x07800000.\n2026-04-28 00:06:03,319 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x07800000.\n2026-04-28 00:06:03,341 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x07800000.\n2026-04-28 00:06:03,368 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x02920000.\n2026-04-28 00:06:03,463 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x07B00000.\n2026-04-28 00:06:03,474 [root] 
DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x07B00000.\n2026-04-28 00:06:03,526 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x07B00000.\n2026-04-28 00:06:03,581 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x051E0000.\n2026-04-28 00:06:03,744 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x051E0000.\n2026-04-28 00:06:03,984 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x07800000.\n2026-04-28 00:06:04,147 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x07800000.\n2026-04-28 00:06:04,182 [root] DEBUG: 6648: DLL loaded at 0x76A70000: C:\\Windows\\System32\\psapi (0x6000 bytes).\n2026-04-28 00:06:04,211 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x051E0000.\n2026-04-28 00:06:04,414 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x051E0000.\n2026-04-28 00:06:04,640 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x051E0000.\n2026-04-28 00:06:04,780 [root] DEBUG: 6648: DLL loaded at 0x747C0000: C:\\Windows\\system32\\mswsock (0x52000 bytes).\n2026-04-28 00:06:04,952 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x07800000.\n2026-04-28 00:06:05,169 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x07800000.\n2026-04-28 00:06:05,191 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x07800000.\n2026-04-28 00:06:05,206 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x07800000.\n2026-04-28 00:06:05,229 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x02920000.\n2026-04-28 00:06:05,323 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x07800000.\n2026-04-28 
00:06:05,351 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x07800000.\n2026-04-28 00:06:05,424 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x051E0000.\n2026-04-28 00:06:05,460 [root] DEBUG: 6648: AllocationHandler: Adding allocation to tracked region list: 0x08640000, size: 0x1000.\n2026-04-28 00:06:05,484 [root] DEBUG: 6648: AddTrackedRegion: GetEntropy failed.\n2026-04-28 00:06:05,530 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x08640000.\n2026-04-28 00:06:05,876 [root] DEBUG: 6648: DLL loaded at 0x70900000: C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\bae24e9bcbc01bb2a0ed4fa751347041\\System.Xml.ni (0x53c000 bytes).\n2026-04-28 00:06:05,986 [root] DEBUG: 6648: AllocationHandler: Adding allocation to tracked region list: 0x08630000, size: 0x1000.\n2026-04-28 00:06:06,000 [root] DEBUG: 6648: AddTrackedRegion: GetEntropy failed.\n2026-04-28 00:06:06,107 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x08640000.\n2026-04-28 00:06:06,127 [root] DEBUG: 6648: DumpPEsInRange: Scanning range 0x08640000 - 0x08642381.\n2026-04-28 00:06:06,129 [root] DEBUG: 6648: ScanForDisguisedPE: No PE image located in range 0x08640000-0x08642381.\n2026-04-28 00:06:06,259 [lib.common.results] INFO: Uploading file C:\\coVEjD\\CAPE\\6648_4115020662127142026 to CAPE\\b639220ba55e061b5ed03cb609435b06f2ca7eb4ded611f62778f43d345d4b25; Size is 9089; Max size: 100000000\n2026-04-28 00:06:06,323 [root] DEBUG: 6648: DumpMemory: Payload successfully created: C:\\coVEjD\\CAPE\\6648_4115020662127142026 (size 9089 bytes)\n2026-04-28 00:06:06,339 [root] DEBUG: 6648: DumpRegion: Dumped entire allocation from 0x08640000, size 12288 bytes.\n2026-04-28 00:06:06,375 [root] DEBUG: 6648: ProcessTrackedRegion: Dumped region at 0x08640000.\n2026-04-28 00:06:06,442 [root] DEBUG: 6648: YaraScan: Scanning 0x08640000, size 0x2381\n2026-04-28 
00:06:06,712 [root] DEBUG: 6648: AllocationHandler: Previously reserved region at 0x02910000, committing at: 0x02911000.\n2026-04-28 00:06:06,901 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x08640000.\n2026-04-28 00:06:06,926 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x08630000.\n2026-04-28 00:06:07,014 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x08640000.\n2026-04-28 00:06:07,150 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x08640000.\n2026-04-28 00:06:07,156 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x08640000.\n2026-04-28 00:06:07,188 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x08640000.\n2026-04-28 00:06:07,235 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x08640000.\n2026-04-28 00:06:07,273 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x08630000.\n2026-04-28 00:06:07,335 [root] DEBUG: 6648: AllocationHandler: Adding allocation to tracked region list: 0x08660000, size: 0x1000.\n2026-04-28 00:06:07,351 [root] DEBUG: 6648: AddTrackedRegion: GetEntropy failed.\n2026-04-28 00:06:07,357 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x08630000.\n2026-04-28 00:06:07,357 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x08640000.\n2026-04-28 00:06:07,536 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x08640000.\n2026-04-28 00:06:07,558 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x08630000.\n2026-04-28 00:06:07,621 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x08640000.\n2026-04-28 00:06:07,723 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 
0x077F0000.\n2026-04-28 00:06:07,838 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x08640000.\n2026-04-28 00:06:07,942 [root] DEBUG: 6648: DLL loaded at 0x71070000: C:\\Windows\\SYSTEM32\\dnsapi (0x90000 bytes).\n2026-04-28 00:06:07,954 [root] DEBUG: 6648: DLL loaded at 0x74BB0000: C:\\Windows\\SYSTEM32\\IPHLPAPI (0x32000 bytes).\n2026-04-28 00:06:07,974 [root] DEBUG: 6648: DLL loaded at 0x77E20000: C:\\Windows\\System32\\NSI (0x7000 bytes).\n2026-04-28 00:06:08,159 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x08640000.\n2026-04-28 00:06:08,175 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x08630000.\n2026-04-28 00:06:08,321 [root] DEBUG: 6648: DumpRegion: Dump at 0x02920000 skipped due to dump limit 10\n2026-04-28 00:06:08,346 [root] DEBUG: 6648: ProcessTrackedRegion: Failed to dump region at 0x02920000.\n2026-04-28 00:06:08,357 [root] DEBUG: 6648: YaraScan: Scanning 0x02920000, size 0xad10\n2026-04-28 00:06:08,926 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x08640000.\n2026-04-28 00:06:08,958 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x08640000.\n2026-04-28 00:06:08,991 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x077F0000.\n2026-04-28 00:06:09,075 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x07B00000.\n2026-04-28 00:06:13,225 [root] DEBUG: 6648: AllocationHandler: Allocation already in tracked region list: 0x02930000.\n2026-04-28 00:06:18,257 [root] INFO: Process with pid 3556 has terminated\n2026-04-28 00:06:34,522 [root] INFO: Process with pid 6016 has terminated\n2026-04-28 00:07:14,179 [root] INFO: Analysis timeout hit, terminating analysis\n2026-04-28 00:07:14,194 [lib.api.process] INFO: Terminate event set for <Process 6648 sex1.exe>\n2026-04-28 00:07:14,257 [root] DEBUG: 6648: Terminate 
Event: Attempting to dump process 6648\n2026-04-28 00:07:14,491 [root] DEBUG: 6648: VerifyCodeSection: Executable code does not match, 0x1c796 of 0x1c797 matching\n2026-04-28 00:07:14,741 [root] DEBUG: 6648: DoProcessDump: Code modification detected, dumping Imagebase at 0x00610000.\n2026-04-28 00:07:14,897 [root] DEBUG: 6648: DumpImageInCurrentProcess: Attempting to dump virtual PE image.\n2026-04-28 00:07:15,041 [root] DEBUG: 6648: DumpProcess: Instantiating PeParser with address: 0x00610000.\n2026-04-28 00:07:15,147 [root] DEBUG: 6648: DumpProcess: Module entry point VA is 0x0062E792.\n2026-04-28 00:07:15,179 [root] DEBUG: 6648: PeParser: readPeSectionsFromProcess: readSectionFromProcess failed address 0x00612000, section 1\n2026-04-28 00:07:15,194 [root] DEBUG: 6648: PeParser: readPeSectionsFromProcess: readSectionFromProcess failed address 0x00630000, section 2\n2026-04-28 00:07:15,226 [root] DEBUG: 6648: reBasePEImage: Exception rebasing image from 0x00610000 to 0x00400000.\n2026-04-28 00:07:15,241 [root] DEBUG: 6648: readPeSectionsFromProcess: Failed to relocate image back to header image base 0x00400000.\n2026-04-28 00:07:15,350 [lib.common.results] INFO: Uploading file C:\\coVEjD\\CAPE\\6648_111521572127142026 to procdump\\e4dd7d882e7afe04c9b7bddfc0a6251193152d26b730d2625db3646f88c717b3; Size is 91136; Max size: 100000000\n2026-04-28 00:07:15,366 [root] DEBUG: 6648: DumpProcess: Module image dump success - dump size 0x16400.\n2026-04-28 00:07:15,397 [root] DEBUG: 6648: DumpInterestingRegions: Dumping .NET image at 0x08110000.\n2026-04-28 00:07:15,413 [root] DEBUG: 6648: DumpImageInCurrentProcess: Attempting to dump 'raw' PE image (process 6648)\n2026-04-28 00:07:15,429 [root] DEBUG: 6648: DumpPE: Instantiating PeParser with address: 0x08110000.\n2026-04-28 00:07:15,477 [lib.common.results] INFO: Uploading file C:\\coVEjD\\CAPE\\6648_81993481572127142026 to CAPE\\61e9d5c0727665e9ef3f328141397be47c65ed11ab621c644b5bbf1d67138403; Size is 19968; Max size: 
100000000\n2026-04-28 00:07:15,522 [root] DEBUG: 6648: DumpPE: PE file at 0x08110000 dumped successfully - dump size 0x4e00.\n2026-04-28 00:07:15,539 [root] DEBUG: 6648: DumpInterestingRegions: Dumping .NET image at 0x083B0000.\n2026-04-28 00:07:15,710 [root] DEBUG: 6648: DumpImageInCurrentProcess: Attempting to dump 'raw' PE image (process 6648)\n2026-04-28 00:07:15,741 [root] DEBUG: 6648: DumpPE: Instantiating PeParser with address: 0x083B0000.\n2026-04-28 00:07:15,788 [lib.common.results] INFO: Uploading file C:\\coVEjD\\CAPE\\6648_46934941572127142026 to CAPE\\01e3b18bd63981decb384f558f0321346c3334bb6e6f97c31c6c95c4ab2fe354; Size is 100352; Max size: 100000000\n2026-04-28 00:07:15,804 [root] DEBUG: 6648: DumpPE: PE file at 0x083B0000 dumped successfully - dump size 0x18800.\n2026-04-28 00:07:15,835 [root] DEBUG: 6648: DumpInterestingRegions: Dumping .NET image at 0x08510000.\n2026-04-28 00:07:15,882 [root] DEBUG: 6648: DumpImageInCurrentProcess: Attempting to dump 'raw' PE image (process 6648)\n2026-04-28 00:07:15,882 [root] DEBUG: 6648: DumpPE: Instantiating PeParser with address: 0x08510000.\n2026-04-28 00:07:15,945 [lib.common.results] INFO: Uploading file C:\\coVEjD\\CAPE\\6648_241945001572127142026 to CAPE\\f9b8c3f31375e9a1ec105f930f751869a804110d29d6b38e7298622eb74b2bec; Size is 12288; Max size: 100000000\n2026-04-28 00:07:15,976 [root] DEBUG: 6648: DumpPE: PE file at 0x08510000 dumped successfully - dump size 0x3000.\n2026-04-28 00:07:16,007 [root] DEBUG: 6648: DumpPEsInRange: Scanning range 0x08660000 - 0x086608CC.\n2026-04-28 00:07:16,024 [root] DEBUG: 6648: ScanForDisguisedPE: No PE image located in range 0x08660000-0x086608CC.\n2026-04-28 00:07:16,054 [lib.common.results] INFO: Uploading file C:\\coVEjD\\CAPE\\6648_7284221672127142026 to CAPE\\dc4a61046d5f6b52019eda5764ab099414471fc9e9fb50c828092a8db276c84d; Size is 2252; Max size: 100000000\n2026-04-28 00:07:16,088 [root] DEBUG: 6648: DumpMemory: Payload successfully created: 
C:\\coVEjD\\CAPE\\6648_7284221672127142026 (size 2252 bytes)\n2026-04-28 00:07:16,101 [root] DEBUG: 6648: DumpRegion: Dumped entire allocation from 0x08660000, size 4096 bytes.\n2026-04-28 00:07:16,132 [root] DEBUG: 6648: ProcessTrackedRegion: Dumped region at 0x08660000.\n2026-04-28 00:07:16,132 [root] DEBUG: 6648: YaraScan: Scanning 0x08660000, size 0x8cc\n2026-04-28 00:07:16,147 [lib.api.process] INFO: Termination confirmed for <Process 6648 sex1.exe>\n2026-04-28 00:07:16,147 [root] INFO: Terminate event set for process 6648\n2026-04-28 00:07:16,147 [root] DEBUG: 6648: Terminate Event: monitor shutdown complete for process 6648\n2026-04-28 00:07:16,163 [lib.api.process] INFO: Terminate event set for <Process 1052 svchost.exe>\n2026-04-28 00:07:16,179 [root] DEBUG: 1052: Terminate Event: Attempting to dump process 1052\n2026-04-28 00:07:16,194 [root] DEBUG: 1052: DoProcessDump: Skipping process dump as code is identical on disk.\n2026-04-28 00:07:16,429 [lib.api.process] INFO: Termination confirmed for <Process 1052 svchost.exe>\n2026-04-28 00:07:16,429 [root] DEBUG: 1052: Terminate Event: monitor shutdown complete for process 1052\n2026-04-28 00:07:16,444 [root] INFO: Terminate event set for process 1052\n2026-04-28 00:07:16,475 [root] INFO: Created shutdown mutex\n2026-04-28 00:07:17,554 [root] INFO: Shutting down package\n2026-04-28 00:07:17,569 [root] INFO: Stopping auxiliary modules\n2026-04-28 00:07:17,569 [root] INFO: Stopping auxiliary module: Browser\n2026-04-28 00:07:17,585 [root] INFO: Stopping auxiliary module: Human\n2026-04-28 00:07:19,397 [root] INFO: Stopping auxiliary module: Screenshots\n2026-04-28 00:07:20,350 [root] INFO: Finishing auxiliary modules\n2026-04-28 00:07:20,366 [root] INFO: Shutting down pipe server and dumping dropped files\n2026-04-28 00:07:20,366 [lib.common.results] INFO: Uploading file C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\run.dat to 
files\\36bafa5002051a4b9b6881e5a98a99819e4d0b662428a35760be4ff269b74707; Size is 8; Max size: 100000000\n2026-04-28 00:07:20,413 [lib.common.results] INFO: Uploading file C:\\Program Files (x86)\\WAN Manager\\wanmgr.exe to files\\2c14151d8f546aed480a7eda9be556bd37831020a3ab6d40eb993c260c9ee26b; Size is 207872; Max size: 100000000\n2026-04-28 00:07:20,444 [lib.common.results] INFO: Uploading file C:\\Users\\cape\\AppData\\Roaming\\F3037635-6191-4C44-BD96-905F1B4FEAFD\\task.dat to files\\18dfaf9bd0867e40bf38b6f31369867a9d3ed42ac0a7a313753ad173556a4225; Size is 41; Max size: 100000000\n2026-04-28 00:07:20,538 [root] WARNING: Folder at path \"C:\\coVEjD\\debugger\" does not exist, skipping\n2026-04-28 00:07:20,632 [root] INFO: Uploading files at path \"C:\\coVEjD\\tlsdump\"\n2026-04-28 00:07:20,772 [lib.common.results] INFO: Uploading file C:\\coVEjD\\tlsdump\\tlsdump.log to tlsdump\\tlsdump.log; Size is 14522; Max size: 100000000\n2026-04-28 00:07:20,991 [root] INFO: Analysis completed\n",
    "errors": []
  },
  "network": {
    "pcap_sha256": "a9cc451a5b387066df749b31be41b55638d219fb1bb055e4cd1dd4fdbc780680",
    "hosts": [
      {
        "ip": "172.67.140.186",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "nnzn.sa.com",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "104.21.33.27",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "nnzn.sa.com",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "46.149.110.67",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          80
        ]
      },
      {
        "ip": "72.154.7.16",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "72.154.7.108",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "72.154.7.100",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "72.154.7.105",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "72.154.7.102",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "72.154.7.98",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "72.154.7.101",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "72.154.7.107",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "72.154.7.109",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "13.107.6.156",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "84.47.178.41",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "20.165.94.54",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "150.171.27.11",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "209.85.233.94",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "i.pki.goog",
        "inaddrarpa": "",
        "ports": [
          80
        ]
      },
      {
        "ip": "84.47.178.49",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "40.126.53.14",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "52.123.242.97",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "20.42.65.93",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "4.207.247.139",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "84.47.178.56",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      }
    ],
    "domains": [
      {
        "domain": "i.pki.goog",
        "ip": "209.85.233.94"
      },
      {
        "domain": "nnzn.sa.com",
        "ip": "172.67.140.186"
      }
    ],
    "tcp": [
      {
        "src": "192.168.1.100",
        "sport": 49724,
        "dst": "20.189.173.2",
        "dport": 443,
        "offset": 95,
        "time": 0.9105789661407471
      },
      {
        "src": "192.168.1.100",
        "sport": 49718,
        "dst": "84.47.178.56",
        "dport": 443,
        "offset": 166,
        "time": 4.816316843032837
      },
      {
        "src": "192.168.1.100",
        "sport": 49807,
        "dst": "4.207.247.139",
        "dport": 443,
        "offset": 752,
        "time": 5.3585288524627686
      },
      {
        "src": "192.168.1.100",
        "sport": 49809,
        "dst": "4.207.247.139",
        "dport": 443,
        "offset": 8930,
        "time": 5.6389617919921875
      },
      {
        "src": "192.168.1.100",
        "sport": 49784,
        "dst": "40.126.53.14",
        "dport": 443,
        "offset": 26122,
        "time": 5.714845895767212
      },
      {
        "src": "192.168.1.100",
        "sport": 49813,
        "dst": "84.47.178.49",
        "dport": 443,
        "offset": 55497,
        "time": 5.958789825439453
      },
      {
        "src": "192.168.1.100",
        "sport": 49814,
        "dst": "84.47.178.49",
        "dport": 443,
        "offset": 62532,
        "time": 5.976525783538818
      },
      {
        "src": "192.168.1.100",
        "sport": 49816,
        "dst": "93.191.15.200",
        "dport": 80,
        "offset": 313546,
        "time": 6.244580984115601
      },
      {
        "src": "192.168.1.100",
        "sport": 49818,
        "dst": "93.191.15.200",
        "dport": 80,
        "offset": 321577,
        "time": 7.018518924713135
      },
      {
        "src": "192.168.1.100",
        "sport": 49820,
        "dst": "13.71.55.58",
        "dport": 443,
        "offset": 361757,
        "time": 7.702797889709473
      },
      {
        "src": "192.168.1.100",
        "sport": 49822,
        "dst": "209.85.233.94",
        "dport": 80,
        "offset": 369242,
        "time": 7.739718914031982
      },
      {
        "src": "192.168.1.100",
        "sport": 49824,
        "dst": "194.158.198.23",
        "dport": 80,
        "offset": 397120,
        "time": 8.044854879379272
      },
      {
        "src": "192.168.1.100",
        "sport": 49728,
        "dst": "150.171.27.11",
        "dport": 443,
        "offset": 398873,
        "time": 8.091765880584717
      },
      {
        "src": "192.168.1.100",
        "sport": 49825,
        "dst": "150.171.27.11",
        "dport": 443,
        "offset": 401937,
        "time": 8.138266801834106
      },
      {
        "src": "192.168.1.100",
        "sport": 49826,
        "dst": "20.42.65.93",
        "dport": 443,
        "offset": 416568,
        "time": 9.648996829986572
      },
      {
        "src": "192.168.1.100",
        "sport": 49827,
        "dst": "4.207.247.139",
        "dport": 443,
        "offset": 430011,
        "time": 16.730589866638184
      },
      {
        "src": "192.168.1.100",
        "sport": 49828,
        "dst": "40.126.53.14",
        "dport": 443,
        "offset": 442579,
        "time": 27.429951906204224
      },
      {
        "src": "192.168.1.100",
        "sport": 49830,
        "dst": "23.11.41.157",
        "dport": 80,
        "offset": 448679,
        "time": 34.82388496398926
      },
      {
        "src": "192.168.1.100",
        "sport": 49831,
        "dst": "199.232.214.172",
        "dport": 80,
        "offset": 451933,
        "time": 35.06942081451416
      },
      {
        "src": "192.168.1.100",
        "sport": 49834,
        "dst": "20.190.147.7",
        "dport": 443,
        "offset": 486528,
        "time": 36.62983798980713
      },
      {
        "src": "192.168.1.100",
        "sport": 49836,
        "dst": "20.190.147.7",
        "dport": 443,
        "offset": 487200,
        "time": 36.63058590888977
      },
      {
        "src": "192.168.1.100",
        "sport": 49840,
        "dst": "4.207.247.139",
        "dport": 443,
        "offset": 585912,
        "time": 37.10933995246887
      },
      {
        "src": "192.168.1.100",
        "sport": 49842,
        "dst": "4.207.247.139",
        "dport": 443,
        "offset": 617058,
        "time": 37.177111864089966
      },
      {
        "src": "192.168.1.100",
        "sport": 49843,
        "dst": "20.72.205.209",
        "dport": 443,
        "offset": 693589,
        "time": 37.41583490371704
      },
      {
        "src": "192.168.1.100",
        "sport": 49846,
        "dst": "93.191.15.161",
        "dport": 80,
        "offset": 785564,
        "time": 38.132412910461426
      },
      {
        "src": "192.168.1.100",
        "sport": 49849,
        "dst": "74.178.240.61",
        "dport": 443,
        "offset": 1185017,
        "time": 38.90982985496521
      },
      {
        "src": "192.168.1.100",
        "sport": 49850,
        "dst": "20.165.94.54",
        "dport": 443,
        "offset": 1239956,
        "time": 39.52844595909119
      },
      {
        "src": "192.168.1.100",
        "sport": 49710,
        "dst": "84.47.178.41",
        "dport": 443,
        "offset": 1243159,
        "time": 39.70434379577637
      },
      {
        "src": "192.168.1.100",
        "sport": 49716,
        "dst": "84.47.178.56",
        "dport": 443,
        "offset": 1243300,
        "time": 39.78235077857971
      },
      {
        "src": "192.168.1.100",
        "sport": 49852,
        "dst": "20.190.147.7",
        "dport": 443,
        "offset": 1248367,
        "time": 39.99712777137756
      },
      {
        "src": "192.168.1.100",
        "sport": 49719,
        "dst": "8.8.4.4",
        "dport": 443,
        "offset": 1261142,
        "time": 40.251083850860596
      },
      {
        "src": "192.168.1.100",
        "sport": 49855,
        "dst": "20.42.72.131",
        "dport": 443,
        "offset": 1413956,
        "time": 40.42833590507507
      },
      {
        "src": "192.168.1.100",
        "sport": 49857,
        "dst": "20.72.205.209",
        "dport": 443,
        "offset": 1582123,
        "time": 40.59715390205383
      },
      {
        "src": "192.168.1.100",
        "sport": 49860,
        "dst": "74.178.240.61",
        "dport": 443,
        "offset": 1627251,
        "time": 40.8864848613739
      },
      {
        "src": "192.168.1.100",
        "sport": 49720,
        "dst": "8.8.4.4",
        "dport": 443,
        "offset": 1649009,
        "time": 41.157301902770996
      },
      {
        "src": "192.168.1.100",
        "sport": 49708,
        "dst": "13.107.6.156",
        "dport": 443,
        "offset": 1649080,
        "time": 41.15736484527588
      },
      {
        "src": "192.168.1.100",
        "sport": 49864,
        "dst": "20.189.173.12",
        "dport": 443,
        "offset": 1652376,
        "time": 42.26887893676758
      },
      {
        "src": "192.168.1.100",
        "sport": 49712,
        "dst": "84.47.178.41",
        "dport": 443,
        "offset": 1656926,
        "time": 42.37591886520386
      },
      {
        "src": "192.168.1.100",
        "sport": 49867,
        "dst": "20.189.173.12",
        "dport": 443,
        "offset": 1698152,
        "time": 43.41438698768616
      },
      {
        "src": "192.168.1.100",
        "sport": 49868,
        "dst": "20.72.205.209",
        "dport": 443,
        "offset": 1708091,
        "time": 43.70722699165344
      },
      {
        "src": "192.168.1.100",
        "sport": 49872,
        "dst": "20.106.86.13",
        "dport": 443,
        "offset": 1899138,
        "time": 46.58566093444824
      },
      {
        "src": "192.168.1.100",
        "sport": 49874,
        "dst": "20.106.86.13",
        "dport": 443,
        "offset": 2046589,
        "time": 47.00514793395996
      },
      {
        "src": "192.168.1.100",
        "sport": 49880,
        "dst": "52.123.128.14",
        "dport": 443,
        "offset": 2061163,
        "time": 50.659477949142456
      },
      {
        "src": "192.168.1.100",
        "sport": 49894,
        "dst": "52.185.211.133",
        "dport": 443,
        "offset": 2100226,
        "time": 61.55058479309082
      },
      {
        "src": "192.168.1.100",
        "sport": 49903,
        "dst": "184.86.14.126",
        "dport": 443,
        "offset": 41965783,
        "time": 66.48773384094238
      },
      {
        "src": "192.168.1.100",
        "sport": 49906,
        "dst": "93.191.15.162",
        "dport": 80,
        "offset": 61752470,
        "time": 68.04890084266663
      },
      {
        "src": "192.168.1.100",
        "sport": 49909,
        "dst": "20.106.86.13",
        "dport": 443,
        "offset": 95817349,
        "time": 70.74004483222961
      },
      {
        "src": "192.168.1.100",
        "sport": 49914,
        "dst": "150.171.109.51",
        "dport": 443,
        "offset": 115636120,
        "time": 75.12129878997803
      },
      {
        "src": "192.168.1.100",
        "sport": 49916,
        "dst": "20.42.72.131",
        "dport": 443,
        "offset": 115644443,
        "time": 75.98714184761047
      },
      {
        "src": "192.168.1.100",
        "sport": 49919,
        "dst": "199.232.214.172",
        "dport": 80,
        "offset": 115746128,
        "time": 76.87250900268555
      },
      {
        "src": "192.168.1.100",
        "sport": 49921,
        "dst": "2.23.88.9",
        "dport": 443,
        "offset": 116652869,
        "time": 78.00647497177124
      },
      {
        "src": "192.168.1.100",
        "sport": 49924,
        "dst": "20.106.86.13",
        "dport": 443,
        "offset": 117380505,
        "time": 78.68909692764282
      },
      {
        "src": "192.168.1.100",
        "sport": 49927,
        "dst": "13.71.55.58",
        "dport": 443,
        "offset": 117413527,
        "time": 81.0087218284607
      },
      {
        "src": "192.168.1.100",
        "sport": 49930,
        "dst": "13.71.55.58",
        "dport": 443,
        "offset": 117434140,
        "time": 82.9739739894867
      },
      {
        "src": "192.168.1.100",
        "sport": 49955,
        "dst": "2.23.89.205",
        "dport": 443,
        "offset": 117791545,
        "time": 101.54412698745728
      },
      {
        "src": "192.168.1.100",
        "sport": 49960,
        "dst": "20.189.173.2",
        "dport": 443,
        "offset": 117815001,
        "time": 103.85059976577759
      },
      {
        "src": "192.168.1.100",
        "sport": 49964,
        "dst": "104.21.33.27",
        "dport": 443,
        "offset": 117824579,
        "time": 107.12727499008179
      },
      {
        "src": "192.168.1.100",
        "sport": 49967,
        "dst": "104.21.33.27",
        "dport": 443,
        "offset": 117826955,
        "time": 111.38894891738892
      },
      {
        "src": "192.168.1.100",
        "sport": 49969,
        "dst": "172.67.140.186",
        "dport": 443,
        "offset": 118110599,
        "time": 115.50963997840881
      },
      {
        "src": "192.168.1.100",
        "sport": 49971,
        "dst": "172.67.140.186",
        "dport": 443,
        "offset": 118113076,
        "time": 119.60826992988586
      },
      {
        "src": "192.168.1.100",
        "sport": 49973,
        "dst": "172.67.140.186",
        "dport": 443,
        "offset": 118114834,
        "time": 123.70405697822571
      },
      {
        "src": "192.168.1.100",
        "sport": 49974,
        "dst": "172.67.140.186",
        "dport": 443,
        "offset": 118116606,
        "time": 127.73849177360535
      },
      {
        "src": "192.168.1.100",
        "sport": 49975,
        "dst": "172.67.140.186",
        "dport": 443,
        "offset": 119354993,
        "time": 131.8616099357605
      },
      {
        "src": "192.168.1.100",
        "sport": 49977,
        "dst": "204.79.197.203",
        "dport": 80,
        "offset": 119357177,
        "time": 132.5301969051361
      },
      {
        "src": "192.168.1.100",
        "sport": 49979,
        "dst": "104.21.33.27",
        "dport": 443,
        "offset": 119368301,
        "time": 135.9119758605957
      },
      {
        "src": "192.168.1.100",
        "sport": 49981,
        "dst": "104.21.33.27",
        "dport": 443,
        "offset": 119460267,
        "time": 140.031751871109
      },
      {
        "src": "192.168.1.100",
        "sport": 49980,
        "dst": "199.232.214.172",
        "dport": 80,
        "offset": 119465797,
        "time": 142.00920987129211
      },
      {
        "src": "192.168.1.100",
        "sport": 49984,
        "dst": "104.21.33.27",
        "dport": 443,
        "offset": 120182831,
        "time": 144.08567786216736
      },
      {
        "src": "192.168.1.100",
        "sport": 49985,
        "dst": "104.21.33.27",
        "dport": 443,
        "offset": 120184297,
        "time": 148.14151191711426
      },
      {
        "src": "192.168.1.100",
        "sport": 49986,
        "dst": "172.67.140.186",
        "dport": 443,
        "offset": 120185681,
        "time": 152.23855590820312
      },
      {
        "src": "192.168.1.100",
        "sport": 49987,
        "dst": "172.67.140.186",
        "dport": 443,
        "offset": 120187147,
        "time": 156.3568618297577
      },
      {
        "src": "192.168.1.100",
        "sport": 49988,
        "dst": "104.21.33.27",
        "dport": 443,
        "offset": 120188461,
        "time": 160.40189695358276
      },
      {
        "src": "192.168.1.100",
        "sport": 49989,
        "dst": "104.21.33.27",
        "dport": 443,
        "offset": 120189915,
        "time": 164.51311993598938
      },
      {
        "src": "192.168.1.100",
        "sport": 49991,
        "dst": "199.232.210.172",
        "dport": 80,
        "offset": 120192183,
        "time": 168.2222878932953
      },
      {
        "src": "192.168.1.100",
        "sport": 49992,
        "dst": "104.21.33.27",
        "dport": 443,
        "offset": 120195670,
        "time": 168.61175394058228
      },
      {
        "src": "192.168.1.100",
        "sport": 49994,
        "dst": "172.67.140.186",
        "dport": 443,
        "offset": 120197207,
        "time": 172.70534777641296
      },
      {
        "src": "192.168.1.100",
        "sport": 50003,
        "dst": "172.67.140.186",
        "dport": 443,
        "offset": 120199055,
        "time": 176.7798318862915
      },
      {
        "src": "192.168.1.100",
        "sport": 50009,
        "dst": "194.158.198.23",
        "dport": 80,
        "offset": 120204584,
        "time": 178.93985676765442
      }
    ],
    "udp": [
      {
        "src": "192.168.1.100",
        "sport": 58259,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 60214,
        "time": 5.963201999664307
      },
      {
        "src": "192.168.1.100",
        "sport": 62931,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 316215,
        "time": 6.624899864196777
      },
      {
        "src": "192.168.1.100",
        "sport": 50914,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 350172,
        "time": 7.494121789932251
      },
      {
        "src": "192.168.1.100",
        "sport": 50415,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 361490,
        "time": 7.698967933654785
      },
      {
        "src": "192.168.1.100",
        "sport": 62509,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 395190,
        "time": 7.976555824279785
      },
      {
        "src": "192.168.1.100",
        "sport": 138,
        "dst": "192.168.1.255",
        "dport": 138,
        "offset": 447186,
        "time": 31.64496397972107
      },
      {
        "src": "192.168.1.100",
        "sport": 56961,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 484763,
        "time": 36.55828285217285
      },
      {
        "src": "192.168.1.100",
        "sport": 50445,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 584804,
        "time": 37.039145946502686
      },
      {
        "src": "192.168.1.100",
        "sport": 58386,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 776316,
        "time": 37.9337477684021
      },
      {
        "src": "192.168.1.100",
        "sport": 53610,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 1238522,
        "time": 39.20835280418396
      },
      {
        "src": "192.168.1.100",
        "sport": 64058,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 1626096,
        "time": 40.82876777648926
      },
      {
        "src": "192.168.1.100",
        "sport": 53629,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 1762971,
        "time": 45.57875990867615
      },
      {
        "src": "192.168.1.100",
        "sport": 62212,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 2099640,
        "time": 61.38307595252991
      },
      {
        "src": "192.168.1.100",
        "sport": 50206,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 61098424,
        "time": 67.99737882614136
      },
      {
        "src": "192.168.1.100",
        "sport": 61533,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 115635538,
        "time": 75.01502680778503
      },
      {
        "src": "192.168.1.100",
        "sport": 52722,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 115643371,
        "time": 75.83909296989441
      },
      {
        "src": "192.168.1.100",
        "sport": 50561,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 116644284,
        "time": 77.94987487792969
      },
      {
        "src": "192.168.1.100",
        "sport": 55575,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 117408429,
        "time": 80.8286828994751
      },
      {
        "src": "192.168.1.100",
        "sport": 51923,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 117790978,
        "time": 101.47537088394165
      },
      {
        "src": "192.168.1.100",
        "sport": 60775,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 117814210,
        "time": 103.62570977210999
      },
      {
        "src": "192.168.1.100",
        "sport": 53262,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 117825955,
        "time": 111.24647784233093
      },
      {
        "src": "192.168.1.100",
        "sport": 49470,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 118112566,
        "time": 119.55660796165466
      },
      {
        "src": "192.168.1.100",
        "sport": 53314,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 118116166,
        "time": 127.71421098709106
      },
      {
        "src": "192.168.1.100",
        "sport": 56231,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 119355937,
        "time": 132.43291687965393
      },
      {
        "src": "192.168.1.100",
        "sport": 55255,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 119459827,
        "time": 139.93884086608887
      },
      {
        "src": "192.168.1.100",
        "sport": 53656,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 119461184,
        "time": 140.47504782676697
      },
      {
        "src": "192.168.1.100",
        "sport": 52591,
        "dst": "8.8.4.4",
        "dport": 53,
        "offset": 119463940,
        "time": 140.74131393432617
      },
      {
        "src": "192.168.1.100",
        "sport": 62307,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 120183857,
        "time": 148.1147699356079
      },
      {
        "src": "192.168.1.100",
        "sport": 58612,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 120186707,
        "time": 156.30442881584167
      },
      {
        "src": "192.168.1.100",
        "sport": 55975,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 120189475,
        "time": 164.41975688934326
      },
      {
        "src": "192.168.1.100",
        "sport": 54028,
        "dst": "8.8.8.8",
        "dport": 53,
        "offset": 120196767,
        "time": 172.66279697418213
      }
    ],
    "icmp": [
      {
        "src": "192.168.1.100",
        "dst": "8.8.4.4",
        "type": 3,
        "data": ""
      }
    ],
    "http": [
      {
        "count": 2,
        "host": "i.pki.goog",
        "port": 80,
        "data": "GET /gsr1.crt HTTP/1.1\r\nHost: i.pki.goog\r\nConnection: keep-alive\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Edg/145.0.0.0\r\nAccept-Encoding: gzip, deflate\r\n\r\n",
        "uri": "http://i.pki.goog/gsr1.crt",
        "body": "",
        "path": "/gsr1.crt",
        "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Edg/145.0.0.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1777334676.35413
      },
      {
        "count": 2,
        "host": "i.pki.goog",
        "port": 80,
        "data": "GET /r4.crt HTTP/1.1\r\nHost: i.pki.goog\r\nConnection: keep-alive\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Edg/145.0.0.0\r\nAccept-Encoding: gzip, deflate\r\n\r\n",
        "uri": "http://i.pki.goog/r4.crt",
        "body": "",
        "path": "/r4.crt",
        "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Edg/145.0.0.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1777334676.377061
      },
      {
        "count": 2,
        "host": "i.pki.goog",
        "port": 80,
        "data": "GET /we2.crt HTTP/1.1\r\nHost: i.pki.goog\r\nConnection: keep-alive\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Edg/145.0.0.0\r\nAccept-Encoding: gzip, deflate\r\n\r\n",
        "uri": "http://i.pki.goog/we2.crt",
        "body": "",
        "path": "/we2.crt",
        "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Edg/145.0.0.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1777334676.398022
      },
      {
        "count": 2,
        "host": "i.pki.goog",
        "port": 80,
        "data": "GET /gsr4.crt HTTP/1.1\r\nHost: i.pki.goog\r\nConnection: keep-alive\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Edg/145.0.0.0\r\nAccept-Encoding: gzip, deflate\r\n\r\n",
        "uri": "http://i.pki.goog/gsr4.crt",
        "body": "",
        "path": "/gsr4.crt",
        "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Edg/145.0.0.0",
        "version": "1.1",
        "method": "GET",
        "first_seen": 1777334676.426371
      }
    ],
    "dns": [
      {
        "request": "i.pki.goog",
        "type": "A",
        "answers": [
          {
            "type": "CNAME",
            "data": "pki-goog.l.google.com"
          },
          {
            "type": "A",
            "data": "209.85.233.94"
          }
        ],
        "first_seen": 1777334676.313808
      },
      {
        "request": "nnzn.sa.com",
        "type": "A",
        "answers": [
          {
            "type": "A",
            "data": "172.67.140.186"
          },
          {
            "type": "A",
            "data": "104.21.33.27"
          }
        ],
        "first_seen": 1777334774.816072
      }
    ],
    "smtp": [],
    "irc": [],
    "dead_hosts": [
      [
        "52.123.242.97",
        443
      ],
      [
        "72.154.7.109",
        443
      ],
      [
        "72.154.7.107",
        443
      ],
      [
        "72.154.7.98",
        443
      ],
      [
        "72.154.7.101",
        443
      ],
      [
        "72.154.7.102",
        443
      ],
      [
        "72.154.7.105",
        443
      ],
      [
        "72.154.7.100",
        443
      ],
      [
        "72.154.7.108",
        443
      ],
      [
        "72.154.7.16",
        443
      ],
      [
        "46.149.110.67",
        80
      ]
    ]
  },
  "suricata": {
    "alerts": [],
    "tls": [
      {
        "srcport": 49821,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "8.8.8.8",
        "timestamp": "2026-04-28 00:04:36.343529+0000",
        "version": "TLS 1.3",
        "sni": "dns.google",
        "ja3": {
          "hash": "87c36e0efdb847c153954b9f4778e764",
          "string": "771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,45-13-43-51-23-0-65037-65281-5-27-10-11-35-18-16-17613,4588-29-23-24,0"
        },
        "ja3s": {
          "hash": "eb1d94daa7e0344597e756a1fb6e7054",
          "string": "771,4865,51-43"
        }
      },
      {
        "srcport": 49823,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "8.8.8.8",
        "timestamp": "2026-04-28 00:04:36.588850+0000",
        "version": "TLS 1.3",
        "sni": "dns.google",
        "ja3": {
          "hash": "eca10cbdddc3be37612b1d322437c105",
          "string": "771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,51-23-5-45-27-65281-0-35-16-65037-43-10-17613-13-18-11,4588-29-23-24,0"
        },
        "ja3s": {
          "hash": "eb1d94daa7e0344597e756a1fb6e7054",
          "string": "771,4865,51-43"
        }
      },
      {
        "srcport": 49859,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "8.8.8.8",
        "timestamp": "2026-04-28 00:05:09.373573+0000",
        "version": "TLS 1.3",
        "sni": "dns.google",
        "ja3": {
          "hash": "00cf290bd02b8f31a70af6a46e70e981",
          "string": "771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,18-10-16-17613-11-65037-13-0-51-5-27-43-45-23-35-65281,4588-29-23-24,0"
        },
        "ja3s": {
          "hash": "eb1d94daa7e0344597e756a1fb6e7054",
          "string": "771,4865,51-43"
        }
      }
    ],
    "perf": [],
    "files": [],
    "http": [
      {
        "srcport": 49822,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "209.85.233.94",
        "timestamp": "2026-04-28 00:04:36.372776+0000",
        "uri": "/gsr1.crt",
        "length": 797,
        "hostname": "i.pki.goog",
        "status": 200,
        "http_method": "GET",
        "contenttype": "application/pkix-cert",
        "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Edg/145.0.0.0",
        "referrer": null
      },
      {
        "srcport": 49822,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "209.85.233.94",
        "timestamp": "2026-04-28 00:04:36.398022+0000",
        "uri": "/r4.crt",
        "length": 455,
        "hostname": "i.pki.goog",
        "status": 200,
        "http_method": "GET",
        "contenttype": "application/pkix-cert",
        "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Edg/145.0.0.0",
        "referrer": null
      },
      {
        "srcport": 49822,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "209.85.233.94",
        "timestamp": "2026-04-28 00:04:36.426371+0000",
        "uri": "/we2.crt",
        "length": 582,
        "hostname": "i.pki.goog",
        "status": 200,
        "http_method": "GET",
        "contenttype": "application/pkix-cert",
        "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Edg/145.0.0.0",
        "referrer": null
      },
      {
        "srcport": 49822,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "209.85.233.94",
        "timestamp": "2026-04-28 00:04:36.461245+0000",
        "uri": "/gsr4.crt",
        "length": 480,
        "hostname": "i.pki.goog",
        "status": 200,
        "http_method": "GET",
        "contenttype": "application/pkix-cert",
        "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Edg/145.0.0.0",
        "referrer": null
      },
      {
        "srcport": 49822,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "209.85.233.94",
        "timestamp": "2026-04-28 00:04:36.479811+0000",
        "uri": "/gsr1.crt",
        "length": 797,
        "hostname": "i.pki.goog",
        "status": 200,
        "http_method": "GET",
        "contenttype": "application/pkix-cert",
        "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Edg/145.0.0.0",
        "referrer": null
      },
      {
        "srcport": 49822,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "209.85.233.94",
        "timestamp": "2026-04-28 00:04:36.504707+0000",
        "uri": "/r4.crt",
        "length": 455,
        "hostname": "i.pki.goog",
        "status": 200,
        "http_method": "GET",
        "contenttype": "application/pkix-cert",
        "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Edg/145.0.0.0",
        "referrer": null
      },
      {
        "srcport": 49822,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "209.85.233.94",
        "timestamp": "2026-04-28 00:04:36.533500+0000",
        "uri": "/we2.crt",
        "length": 582,
        "hostname": "i.pki.goog",
        "status": 200,
        "http_method": "GET",
        "contenttype": "application/pkix-cert",
        "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Edg/145.0.0.0",
        "referrer": null
      },
      {
        "srcport": 49822,
        "srcip": "192.168.1.100",
        "dstport": 80,
        "dstip": "209.85.233.94",
        "timestamp": "2026-04-28 00:04:36.602253+0000",
        "uri": "/gsr4.crt",
        "length": 480,
        "hostname": "i.pki.goog",
        "status": 200,
        "http_method": "GET",
        "contenttype": "application/pkix-cert",
        "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 Edg/145.0.0.0",
        "referrer": null
      },
      {
        "srcport": 49964,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "104.21.33.27",
        "timestamp": "2026-04-28 00:06:15.766281+0000",
        "uri": "\\xd06A?#vo\\xb2\\x8e\\xe9O\u0014\\xd2\u0018A\u001e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\u0018W\u001c&^\\xbe",
        "length": 155,
        "hostname": null,
        "status": 400,
        "http_method": "@\u0000\u0000\u0000m\\x95\\xfb\\xf0ry",
        "contenttype": "text/html",
        "ua": null,
        "referrer": null
      },
      {
        "srcport": 49967,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "104.21.33.27",
        "timestamp": "2026-04-28 00:06:20.006459+0000",
        "uri": "\\xd06A?#vo\\xb2\\x8e\\xe9O\u0014\\xd2\u0018A\u001e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\u0018W\u001c&^\\xbe",
        "length": 155,
        "hostname": null,
        "status": 400,
        "http_method": "@\u0000\u0000\u0000m\\x95\\xfb\\xf0ry",
        "contenttype": "text/html",
        "ua": null,
        "referrer": null
      },
      {
        "srcport": 49969,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "172.67.140.186",
        "timestamp": "2026-04-28 00:06:24.126919+0000",
        "uri": "\\xd06A?#vo\\xb2\\x8e\\xe9O\u0014\\xd2\u0018A\u001e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\u0018W\u001c&^\\xbe",
        "length": 155,
        "hostname": null,
        "status": 400,
        "http_method": "@\u0000\u0000\u0000m\\x95\\xfb\\xf0ry",
        "contenttype": "text/html",
        "ua": null,
        "referrer": null
      },
      {
        "srcport": 49971,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "172.67.140.186",
        "timestamp": "2026-04-28 00:06:28.225251+0000",
        "uri": "\\xd06A?#vo\\xb2\\x8e\\xe9O\u0014\\xd2\u0018A\u001e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\u0018W\u001c&^\\xbe",
        "length": 155,
        "hostname": null,
        "status": 400,
        "http_method": "@\u0000\u0000\u0000m\\x95\\xfb\\xf0ry",
        "contenttype": "text/html",
        "ua": null,
        "referrer": null
      },
      {
        "srcport": 49973,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "172.67.140.186",
        "timestamp": "2026-04-28 00:06:32.321218+0000",
        "uri": "\\xd06A?#vo\\xb2\\x8e\\xe9O\u0014\\xd2\u0018A\u001e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\u0018W\u001c&^\\xbe",
        "length": 155,
        "hostname": null,
        "status": 400,
        "http_method": "@\u0000\u0000\u0000m\\x95\\xfb\\xf0ry",
        "contenttype": "text/html",
        "ua": null,
        "referrer": null
      },
      {
        "srcport": 49974,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "172.67.140.186",
        "timestamp": "2026-04-28 00:06:36.356087+0000",
        "uri": "\\xd06A?#vo\\xb2\\x8e\\xe9O\u0014\\xd2\u0018A\u001e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\u0018W\u001c&^\\xbe",
        "length": 155,
        "hostname": null,
        "status": 400,
        "http_method": "@\u0000\u0000\u0000m\\x95\\xfb\\xf0ry",
        "contenttype": "text/html",
        "ua": null,
        "referrer": null
      },
      {
        "srcport": 49975,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "172.67.140.186",
        "timestamp": "2026-04-28 00:06:40.478755+0000",
        "uri": "\\xd06A?#vo\\xb2\\x8e\\xe9O\u0014\\xd2\u0018A\u001e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\u0018W\u001c&^\\xbe",
        "length": 155,
        "hostname": null,
        "status": 400,
        "http_method": "@\u0000\u0000\u0000m\\x95\\xfb\\xf0ry",
        "contenttype": "text/html",
        "ua": null,
        "referrer": null
      },
      {
        "srcport": 49979,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "104.21.33.27",
        "timestamp": "2026-04-28 00:06:44.529173+0000",
        "uri": "\\xd06A?#vo\\xb2\\x8e\\xe9O\u0014\\xd2\u0018A\u001e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\u0018W\u001c&^\\xbe",
        "length": 155,
        "hostname": null,
        "status": 400,
        "http_method": "@\u0000\u0000\u0000m\\x95\\xfb\\xf0ry",
        "contenttype": "text/html",
        "ua": null,
        "referrer": null
      },
      {
        "srcport": 49981,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "104.21.33.27",
        "timestamp": "2026-04-28 00:06:48.648938+0000",
        "uri": "\\xd06A?#vo\\xb2\\x8e\\xe9O\u0014\\xd2\u0018A\u001e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\u0018W\u001c&^\\xbe",
        "length": 155,
        "hostname": null,
        "status": 400,
        "http_method": "@\u0000\u0000\u0000m\\x95\\xfb\\xf0ry",
        "contenttype": "text/html",
        "ua": null,
        "referrer": null
      },
      {
        "srcport": 49984,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "104.21.33.27",
        "timestamp": "2026-04-28 00:06:52.702848+0000",
        "uri": "\\xd06A?#vo\\xb2\\x8e\\xe9O\u0014\\xd2\u0018A\u001e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\u0018W\u001c&^\\xbe",
        "length": 155,
        "hostname": null,
        "status": 400,
        "http_method": "@\u0000\u0000\u0000m\\x95\\xfb\\xf0ry",
        "contenttype": "text/html",
        "ua": null,
        "referrer": null
      },
      {
        "srcport": 49985,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "104.21.33.27",
        "timestamp": "2026-04-28 00:06:56.758624+0000",
        "uri": "\\xd06A?#vo\\xb2\\x8e\\xe9O\u0014\\xd2\u0018A\u001e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\u0018W\u001c&^\\xbe",
        "length": 155,
        "hostname": null,
        "status": 400,
        "http_method": "@\u0000\u0000\u0000m\\x95\\xfb\\xf0ry",
        "contenttype": "text/html",
        "ua": null,
        "referrer": null
      },
      {
        "srcport": 49986,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "172.67.140.186",
        "timestamp": "2026-04-28 00:07:00.855858+0000",
        "uri": "\\xd06A?#vo\\xb2\\x8e\\xe9O\u0014\\xd2\u0018A\u001e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\u0018W\u001c&^\\xbe",
        "length": 155,
        "hostname": null,
        "status": 400,
        "http_method": "@\u0000\u0000\u0000m\\x95\\xfb\\xf0ry",
        "contenttype": "text/html",
        "ua": null,
        "referrer": null
      },
      {
        "srcport": 49987,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "172.67.140.186",
        "timestamp": "2026-04-28 00:07:04.973828+0000",
        "uri": "\\xd06A?#vo\\xb2\\x8e\\xe9O\u0014\\xd2\u0018A\u001e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\u0018W\u001c&^\\xbe",
        "length": 155,
        "hostname": null,
        "status": 400,
        "http_method": "@\u0000\u0000\u0000m\\x95\\xfb\\xf0ry",
        "contenttype": "text/html",
        "ua": null,
        "referrer": null
      },
      {
        "srcport": 49988,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "104.21.33.27",
        "timestamp": "2026-04-28 00:07:09.019397+0000",
        "uri": "\\xd06A?#vo\\xb2\\x8e\\xe9O\u0014\\xd2\u0018A\u001e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\u0018W\u001c&^\\xbe",
        "length": 155,
        "hostname": null,
        "status": 400,
        "http_method": "@\u0000\u0000\u0000m\\x95\\xfb\\xf0ry",
        "contenttype": "text/html",
        "ua": null,
        "referrer": null
      },
      {
        "srcport": 49989,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "104.21.33.27",
        "timestamp": "2026-04-28 00:07:13.130239+0000",
        "uri": "\\xd06A?#vo\\xb2\\x8e\\xe9O\u0014\\xd2\u0018A\u001e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\u0018W\u001c&^\\xbe",
        "length": 155,
        "hostname": null,
        "status": 400,
        "http_method": "@\u0000\u0000\u0000m\\x95\\xfb\\xf0ry",
        "contenttype": "text/html",
        "ua": null,
        "referrer": null
      },
      {
        "srcport": 49992,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "104.21.33.27",
        "timestamp": "2026-04-28 00:07:17.228789+0000",
        "uri": "\\xd06A?#vo\\xb2\\x8e\\xe9O\u0014\\xd2\u0018A\u001e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\u0018W\u001c&^\\xbe",
        "length": 155,
        "hostname": null,
        "status": 400,
        "http_method": "@\u0000\u0000\u0000m\\x95\\xfb\\xf0ry",
        "contenttype": "text/html",
        "ua": null,
        "referrer": null
      },
      {
        "srcport": 49994,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "172.67.140.186",
        "timestamp": "2026-04-28 00:07:21.322425+0000",
        "uri": "\\xd06A?#vo\\xb2\\x8e\\xe9O\u0014\\xd2\u0018A\u001e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\u0018W\u001c&^\\xbe",
        "length": 155,
        "hostname": null,
        "status": 400,
        "http_method": "@\u0000\u0000\u0000m\\x95\\xfb\\xf0ry",
        "contenttype": "text/html",
        "ua": null,
        "referrer": null
      },
      {
        "srcport": 50003,
        "srcip": "192.168.1.100",
        "dstport": 443,
        "dstip": "172.67.140.186",
        "timestamp": "2026-04-28 00:07:25.396786+0000",
        "uri": "\\xd06A?#vo\\xb2\\x8e\\xe9O\u0014\\xd2\u0018A\u001e7\\xb5\\xa9\\xd0\\x82k_\\xa3\\x96\\xbf_\\x90\\xed\\xb0\\xda\\xd5V(\\xdd\u0018W\u001c&^\\xbe",
        "length": 155,
        "hostname": null,
        "status": 400,
        "http_method": "@\u0000\u0000\u0000m\\x95\\xfb\\xf0ry",
        "contenttype": "text/html",
        "ua": null,
        "referrer": null
      }
    ],
    "dns": [
      {
        "timestamp": "2026-04-28T00:04:36.313808+0000",
        "flow_id": 1347798268111531,
        "pcap_cnt": 501,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 63118,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 51226,
          "rrname": "i.pki.goog",
          "rrtype": "A",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-28T00:04:36.332392+0000",
        "flow_id": 1347798268111531,
        "pcap_cnt": 508,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 63118,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 51226,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "i.pki.goog",
          "rrtype": "A",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "i.pki.goog",
              "rrtype": "CNAME",
              "ttl": 46,
              "rdata": "pki-goog.l.google.com"
            },
            {
              "rrname": "pki-goog.l.google.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "209.85.233.94"
            }
          ],
          "grouped": {
            "CNAME": [
              "pki-goog.l.google.com"
            ],
            "A": [
              "209.85.233.94"
            ]
          }
        }
      },
      {
        "timestamp": "2026-04-28T00:04:36.313379+0000",
        "flow_id": 1345953405434139,
        "pcap_cnt": 500,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 50415,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 30694,
          "rrname": "i.pki.goog",
          "rrtype": "HTTPS",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-28T00:04:36.335268+0000",
        "flow_id": 1345953405434139,
        "pcap_cnt": 509,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 50415,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 30694,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "i.pki.goog",
          "rrtype": "HTTPS",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "i.pki.goog",
              "rrtype": "CNAME",
              "ttl": 84,
              "rdata": "pki-goog.l.google.com"
            }
          ],
          "grouped": {
            "CNAME": [
              "pki-goog.l.google.com"
            ]
          },
          "authorities": [
            {
              "rrname": "l.google.com",
              "rrtype": "SOA",
              "ttl": 60,
              "soa": {
                "mname": "ns1.google.com",
                "rname": "dns-admin.google.com",
                "serial": 906246128,
                "refresh": 900,
                "retry": 900,
                "expire": 1800,
                "minimum": 60
              }
            }
          ]
        }
      },
      {
        "timestamp": "2026-04-28T00:06:14.816072+0000",
        "flow_id": 1816153648664402,
        "pcap_cnt": 112229,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 55000,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 23912,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-28T00:06:19.860889+0000",
        "flow_id": 882744385571458,
        "pcap_cnt": 112248,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 53262,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 51963,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-28T00:06:14.907606+0000",
        "flow_id": 1816153648664402,
        "pcap_cnt": 112230,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 55000,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 23912,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "104.21.33.27"
            },
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "172.67.140.186"
            }
          ],
          "grouped": {
            "A": [
              "104.21.33.27",
              "172.67.140.186"
            ]
          }
        }
      },
      {
        "timestamp": "2026-04-28T00:06:19.930671+0000",
        "flow_id": 882744385571458,
        "pcap_cnt": 112254,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 53262,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 51963,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "104.21.33.27"
            },
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "172.67.140.186"
            }
          ],
          "grouped": {
            "A": [
              "104.21.33.27",
              "172.67.140.186"
            ]
          }
        }
      },
      {
        "timestamp": "2026-04-28T00:06:24.047436+0000",
        "flow_id": 203740035361809,
        "pcap_cnt": 112545,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 54181,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 2776,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-28T00:06:24.117330+0000",
        "flow_id": 203740035361809,
        "pcap_cnt": 112548,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 54181,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 2776,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "172.67.140.186"
            },
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "104.21.33.27"
            }
          ],
          "grouped": {
            "A": [
              "172.67.140.186",
              "104.21.33.27"
            ]
          }
        }
      },
      {
        "timestamp": "2026-04-28T00:06:36.328622+0000",
        "flow_id": 1129947697569652,
        "pcap_cnt": 112611,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 53314,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 25214,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-28T00:06:36.347027+0000",
        "flow_id": 1129947697569652,
        "pcap_cnt": 112612,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 53314,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 25214,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 296,
              "rdata": "172.67.140.186"
            },
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 296,
              "rdata": "104.21.33.27"
            }
          ],
          "grouped": {
            "A": [
              "172.67.140.186",
              "104.21.33.27"
            ]
          }
        }
      },
      {
        "timestamp": "2026-04-28T00:06:28.171019+0000",
        "flow_id": 1297474841349245,
        "pcap_cnt": 112574,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 49470,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 4778,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-28T00:06:28.188811+0000",
        "flow_id": 1297474841349245,
        "pcap_cnt": 112575,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 49470,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 4778,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 291,
              "rdata": "172.67.140.186"
            },
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 291,
              "rdata": "104.21.33.27"
            }
          ],
          "grouped": {
            "A": [
              "172.67.140.186",
              "104.21.33.27"
            ]
          }
        }
      },
      {
        "timestamp": "2026-04-28T00:06:32.281155+0000",
        "flow_id": 81653408914589,
        "pcap_cnt": 112593,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 50682,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 3340,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-28T00:06:32.312316+0000",
        "flow_id": 81653408914589,
        "pcap_cnt": 112594,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 50682,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 3340,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "172.67.140.186"
            },
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "104.21.33.27"
            }
          ],
          "grouped": {
            "A": [
              "172.67.140.186",
              "104.21.33.27"
            ]
          }
        }
      },
      {
        "timestamp": "2026-04-28T00:06:40.373513+0000",
        "flow_id": 196852561055717,
        "pcap_cnt": 113472,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 52551,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 55034,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-28T00:06:40.467164+0000",
        "flow_id": 196852561055717,
        "pcap_cnt": 113671,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 52551,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 55034,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "172.67.140.186"
            },
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "104.21.33.27"
            }
          ],
          "grouped": {
            "A": [
              "172.67.140.186",
              "104.21.33.27"
            ]
          }
        }
      },
      {
        "timestamp": "2026-04-28T00:06:44.499455+0000",
        "flow_id": 1300721239746479,
        "pcap_cnt": 113811,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 54953,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 51310,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-28T00:06:44.520142+0000",
        "flow_id": 1300721239746479,
        "pcap_cnt": 113812,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 54953,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 51310,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 280,
              "rdata": "104.21.33.27"
            },
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 280,
              "rdata": "172.67.140.186"
            }
          ],
          "grouped": {
            "A": [
              "104.21.33.27",
              "172.67.140.186"
            ]
          }
        }
      },
      {
        "timestamp": "2026-04-28T00:06:48.553252+0000",
        "flow_id": 124401674192080,
        "pcap_cnt": 113878,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 55255,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 9153,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-28T00:06:48.612793+0000",
        "flow_id": 124401674192080,
        "pcap_cnt": 113879,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 55255,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 9153,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "104.21.33.27"
            },
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "172.67.140.186"
            }
          ],
          "grouped": {
            "A": [
              "104.21.33.27",
              "172.67.140.186"
            ]
          }
        }
      },
      {
        "timestamp": "2026-04-28T00:06:52.679195+0000",
        "flow_id": 1228273083889710,
        "pcap_cnt": 114604,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 62337,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 14545,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-28T00:06:56.729181+0000",
        "flow_id": 35585121757709,
        "pcap_cnt": 114618,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 62307,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 43448,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-28T00:07:00.762980+0000",
        "flow_id": 1306652160259686,
        "pcap_cnt": 114631,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 61947,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 37956,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-28T00:06:52.693478+0000",
        "flow_id": 1228273083889710,
        "pcap_cnt": 114605,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 62337,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 14545,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 272,
              "rdata": "104.21.33.27"
            },
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 272,
              "rdata": "172.67.140.186"
            }
          ],
          "grouped": {
            "A": [
              "104.21.33.27",
              "172.67.140.186"
            ]
          }
        }
      },
      {
        "timestamp": "2026-04-28T00:06:56.749764+0000",
        "flow_id": 35585121757709,
        "pcap_cnt": 114619,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 62307,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 43448,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 263,
              "rdata": "104.21.33.27"
            },
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 263,
              "rdata": "172.67.140.186"
            }
          ],
          "grouped": {
            "A": [
              "104.21.33.27",
              "172.67.140.186"
            ]
          }
        }
      },
      {
        "timestamp": "2026-04-28T00:07:00.846305+0000",
        "flow_id": 1306652160259686,
        "pcap_cnt": 114632,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 61947,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 37956,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "172.67.140.186"
            },
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "104.21.33.27"
            }
          ],
          "grouped": {
            "A": [
              "172.67.140.186",
              "104.21.33.27"
            ]
          }
        }
      },
      {
        "timestamp": "2026-04-28T00:07:04.918840+0000",
        "flow_id": 5740224473900,
        "pcap_cnt": 114645,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 58612,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 62117,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-28T00:07:08.982777+0000",
        "flow_id": 1406247769521012,
        "pcap_cnt": 114657,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 56890,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 5942,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-28T00:07:21.277208+0000",
        "flow_id": 346176924930863,
        "pcap_cnt": 114720,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 54028,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 30570,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-28T00:07:04.947707+0000",
        "flow_id": 5740224473900,
        "pcap_cnt": 114646,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 58612,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 62117,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "172.67.140.186"
            },
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "104.21.33.27"
            }
          ],
          "grouped": {
            "A": [
              "172.67.140.186",
              "104.21.33.27"
            ]
          }
        }
      },
      {
        "timestamp": "2026-04-28T00:07:09.009851+0000",
        "flow_id": 1406247769521012,
        "pcap_cnt": 114658,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 56890,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 5942,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "104.21.33.27"
            },
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "172.67.140.186"
            }
          ],
          "grouped": {
            "A": [
              "104.21.33.27",
              "172.67.140.186"
            ]
          }
        }
      },
      {
        "timestamp": "2026-04-28T00:07:21.295237+0000",
        "flow_id": 346176924930863,
        "pcap_cnt": 114721,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 54028,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 30570,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 288,
              "rdata": "172.67.140.186"
            },
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 288,
              "rdata": "104.21.33.27"
            }
          ],
          "grouped": {
            "A": [
              "172.67.140.186",
              "104.21.33.27"
            ]
          }
        }
      },
      {
        "timestamp": "2026-04-28T00:07:25.355376+0000",
        "flow_id": 1526330806302198,
        "pcap_cnt": 114739,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 59752,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 63722,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-28T00:07:25.373155+0000",
        "flow_id": 1526330806302198,
        "pcap_cnt": 114740,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 59752,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 63722,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 239,
              "rdata": "172.67.140.186"
            },
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 239,
              "rdata": "104.21.33.27"
            }
          ],
          "grouped": {
            "A": [
              "172.67.140.186",
              "104.21.33.27"
            ]
          }
        }
      },
      {
        "timestamp": "2026-04-28T00:07:13.034168+0000",
        "flow_id": 428226991226569,
        "pcap_cnt": 114671,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 55975,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 12244,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-28T00:07:13.120730+0000",
        "flow_id": 428226991226569,
        "pcap_cnt": 114672,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 55975,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 12244,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "104.21.33.27"
            },
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "172.67.140.186"
            }
          ],
          "grouped": {
            "A": [
              "104.21.33.27",
              "172.67.140.186"
            ]
          }
        }
      },
      {
        "timestamp": "2026-04-28T00:07:17.153020+0000",
        "flow_id": 1501644520753981,
        "pcap_cnt": 114705,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 56579,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "query",
          "id": 53120,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "tx_id": 0,
          "opcode": 0
        }
      },
      {
        "timestamp": "2026-04-28T00:07:17.218782+0000",
        "flow_id": 1501644520753981,
        "pcap_cnt": 114706,
        "event_type": "dns",
        "src_ip": "192.168.1.100",
        "src_port": 56579,
        "dest_ip": "8.8.8.8",
        "dest_port": 53,
        "proto": "UDP",
        "pkt_src": "wire/pcap",
        "dns": {
          "version": 2,
          "type": "answer",
          "id": 53120,
          "flags": "8180",
          "qr": true,
          "rd": true,
          "ra": true,
          "opcode": 0,
          "rrname": "nnzn.sa.com",
          "rrtype": "A",
          "rcode": "NOERROR",
          "answers": [
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "104.21.33.27"
            },
            {
              "rrname": "nnzn.sa.com",
              "rrtype": "A",
              "ttl": 300,
              "rdata": "172.67.140.186"
            }
          ],
          "grouped": {
            "A": [
              "104.21.33.27",
              "172.67.140.186"
            ]
          }
        }
      }
    ],
    "ssh": [],
    "fileinfo": [],
    "eve_log_full_path": "/opt/CAPEv2/storage/analyses/47/logs/eve.json",
    "alert_log_full_path": null,
    "tls_log_full_path": null,
    "http_log_full_path": null,
    "file_log_full_path": null,
    "ssh_log_full_path": null,
    "dns_log_full_path": null
  },
  "url_analysis": {},
  "procmemory": [],
  "signatures": [
    {
      "name": "antivm_checks_available_memory",
      "description": "Checks available memory",
      "categories": [
        "antivm"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 6648,
          "cid": 2398
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6640
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6645
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "queries_computer_name",
      "description": "Queries computer hostname",
      "categories": [
        "system_discovery"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 6648,
          "cid": 2892
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3148
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3375
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3632
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3877
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4117
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4349
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4582
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4829
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5061
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5291
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5516
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5745
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5976
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6206
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6440
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6699
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6926
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7137
        },
        {
          "type": "call",
          "pid": 3884,
          "cid": 159
        },
        {
          "type": "call",
          "pid": 3200,
          "cid": 165
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "queries_user_name",
      "description": "Queries the username",
      "categories": [
        "system_discovery"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 6648,
          "cid": 2291
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3149
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3376
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3633
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3878
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4118
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4350
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4583
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4830
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5062
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5292
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5517
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5746
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5977
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6207
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6441
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6700
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6927
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7138
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "dead_connect",
      "description": "Attempts to connect to a dead IP:Port (2 unique times)",
      "categories": [
        "network"
      ],
      "severity": 1,
      "weight": 0,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 6648,
          "cid": 3095
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3358
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3624
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3871
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4109
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4341
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4574
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4821
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5056
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5283
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5508
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5737
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5971
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6198
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6432
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6691
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6920
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7129
        },
        {
          "IP": "104.21.33.27:443 (unknown)"
        },
        {
          "IP": "172.67.140.186:443 (unknown)"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "queries_keyboard_layout",
      "description": "Queries the keyboard layout",
      "categories": [
        "location_discovery"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 6648,
          "cid": 2443
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3105
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3749
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "queries_locale_api",
      "description": "Queries the computer locale (possible geofencing)",
      "categories": [
        "location_discovery",
        "geofence"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 6648,
          "cid": 972
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1007
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1605
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1609
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "antidebug_setunhandledexceptionfilter",
      "description": "SetUnhandledExceptionFilter detected (possible anti-debug)",
      "categories": [
        "anti-debug"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 40,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 6648,
          "cid": 371
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "language_check_registry",
      "description": "Checks system language via registry key (possible geofencing)",
      "categories": [
        "location_discovery",
        "geofence"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU"
        },
        {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "antisandbox_sleep",
      "description": "A process attempted to delay the analysis task.",
      "categories": [
        "anti-sandbox"
      ],
      "severity": 2,
      "weight": 4,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 6648,
          "cid": 2132
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2188
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2293
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2307
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2314
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2373
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2400
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2404
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2405
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2432
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2435
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2448
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2451
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2454
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2456
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2459
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2470
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2473
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2500
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2508
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2521
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2527
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2529
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2534
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2539
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2544
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2554
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2567
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2579
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2621
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2623
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2626
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2629
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2632
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2635
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2641
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2649
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2653
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2662
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2669
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2672
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2677
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2680
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2683
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2684
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2687
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2707
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2712
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2715
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2717
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2718
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2733
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2743
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2751
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2756
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2766
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2776
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2777
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2788
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2799
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2807
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2809
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2829
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2840
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2847
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2854
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2861
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2874
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2879
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2887
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2889
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2988
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2992
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2997
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3011
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3012
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3013
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3067
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3086
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3087
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3094
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3107
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3108
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3109
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3110
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3111
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3112
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3113
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3114
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3115
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3116
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3117
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3118
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3119
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3120
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3123
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3124
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3125
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3129
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3138
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3139
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3140
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3163
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3166
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3178
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3181
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3183
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3184
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3185
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3186
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3188
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3189
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3190
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3191
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3193
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3194
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3195
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3196
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3197
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3198
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3199
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3200
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3202
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3207
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3208
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3223
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3226
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3229
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3232
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3235
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3238
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3241
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3244
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3246
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3249
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3254
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3259
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3262
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3265
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3268
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3271
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3273
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3276
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3279
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3282
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3285
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3288
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3291
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3294
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3297
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3299
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3302
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3307
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3310
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3313
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3316
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3319
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3322
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3325
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3327
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3330
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3333
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3336
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3339
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3342
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3345
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3351
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3359
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3366
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3367
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3369
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3409
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3410
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3419
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3422
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3425
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3428
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3431
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3434
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3437
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3439
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3442
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3445
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3448
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3451
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3454
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3457
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3460
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3463
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3465
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3468
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3471
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3474
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3477
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3480
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3483
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3486
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3489
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3492
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3494
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3497
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3500
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3503
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3506
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3511
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3514
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3517
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3519
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3522
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3525
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3528
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3531
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3536
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3540
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3543
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3545
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3548
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3551
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3554
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3557
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3560
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3563
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3566
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3570
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3573
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3576
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3579
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3582
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3585
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3588
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3591
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3593
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3596
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3599
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3602
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3605
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3608
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3614
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3617
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3625
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3640
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3645
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3650
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3652
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3653
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3658
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3661
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3664
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3667
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3670
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3673
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3676
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3678
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3681
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3684
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3687
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3690
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3693
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3696
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3699
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3702
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3705
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3707
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3710
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3713
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3716
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3719
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3722
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3725
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3728
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3731
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3734
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3736
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3739
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3754
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3759
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3762
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3765
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3767
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3770
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3773
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3776
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3779
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3782
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3785
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3788
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3791
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3793
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3796
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3799
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3802
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3805
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3810
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3813
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3816
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3819
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3822
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3824
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3827
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3830
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3833
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3836
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3839
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3842
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3845
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3848
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3850
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3853
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3856
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3864
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3872
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3886
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3887
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3890
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3895
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3898
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3900
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3903
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3906
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3909
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3912
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3915
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3918
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3921
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3924
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3926
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3929
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3932
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3935
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3938
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3943
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3946
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3949
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3952
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3954
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3957
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3960
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3963
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3966
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3969
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3972
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3975
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3978
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3981
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3983
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3986
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3989
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3992
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3995
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 3998
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4001
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4004
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4007
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4010
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4012
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4015
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4018
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4021
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4024
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4027
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4030
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4033
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4036
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4038
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4041
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4046
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4051
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4054
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4057
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4061
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4064
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4067
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4070
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4073
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4076
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4079
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4082
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4085
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4087
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4090
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4093
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4096
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4102
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4110
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4126
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4131
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4134
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4137
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4140
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4143
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4145
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4148
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4151
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4156
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4159
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4162
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4165
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4168
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4171
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4173
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4176
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4179
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4182
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4186
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4189
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4192
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4195
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4198
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4201
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4203
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4206
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4209
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4212
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4215
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4216
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4217
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4220
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4222
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4223
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4226
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4229
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4232
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4237
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4242
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4245
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4247
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4248
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4253
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4256
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4259
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4262
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4265
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4268
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4271
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4273
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4278
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4281
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4284
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4289
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4292
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4295
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4298
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4300
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4303
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4306
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4309
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4312
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4315
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4318
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4321
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4326
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4328
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4334
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4342
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4358
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4363
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4366
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4371
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4374
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4377
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4380
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4382
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4385
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4388
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4391
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4394
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4397
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4400
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4404
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4405
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4410
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4413
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4418
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4421
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4424
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4427
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4429
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4432
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4435
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4438
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4441
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4444
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4449
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4452
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4455
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4457
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4460
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4463
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4466
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4469
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4472
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4475
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4478
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4481
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4483
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4486
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4489
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4492
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4495
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4498
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4503
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4506
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4509
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4512
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4514
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4517
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4520
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4523
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4526
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4529
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4532
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4535
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4538
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4540
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4543
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4547
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4550
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4553
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4558
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4564
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4567
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4575
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4591
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4596
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4598
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4601
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4604
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4607
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4610
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4613
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4616
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4619
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4622
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4624
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4627
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4630
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4633
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4636
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4639
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4642
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4645
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4648
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4651
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4653
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4656
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4659
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4662
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4665
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4668
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4671
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4674
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4677
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4679
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4682
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4685
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4688
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4691
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4696
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4699
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4702
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4705
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4707
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4710
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4713
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4716
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4719
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4722
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4725
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4728
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4731
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4734
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4736
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4739
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4742
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4745
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4750
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4753
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4756
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4759
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4762
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4764
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4767
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4770
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4773
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4776
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4779
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4782
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4785
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4789
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4791
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4794
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4797
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4800
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4805
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4808
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4814
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4822
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4838
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4843
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4846
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4848
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4851
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4854
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4857
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4860
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4863
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4866
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4869
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4872
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4874
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4877
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4880
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4883
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4886
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4889
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4892
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4897
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4900
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4902
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4905
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4908
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4911
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4914
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4917
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4920
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4925
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4927
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4928
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4933
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4938
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4941
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4944
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4947
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4952
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4954
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4957
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4960
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4963
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4968
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4971
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4976
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4978
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4981
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4984
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4985
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4990
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4993
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 4996
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5001
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5003
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5006
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5009
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5012
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5015
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5018
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5021
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5024
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5029
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5031
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5034
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5039
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5042
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5048
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5054
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5070
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5075
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5078
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5081
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5083
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5086
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5089
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5092
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5095
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5098
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5101
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5104
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5107
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5108
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5110
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5113
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5118
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5121
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5124
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5126
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5129
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5134
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5136
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5139
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5142
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5145
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5148
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5151
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5154
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5157
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5160
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5165
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5167
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5170
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5173
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5176
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5179
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5182
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5185
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5188
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5190
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5193
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5196
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5201
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5204
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5208
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5212
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5215
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5218
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5221
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5224
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5227
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5230
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5233
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5236
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5238
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5241
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5244
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5247
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5250
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5253
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5256
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5259
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5262
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5265
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5268
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5270
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5271
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5284
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5299
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5303
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5308
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5311
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5314
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5317
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5320
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5323
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5325
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5328
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5331
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5334
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5337
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5340
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5345
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5350
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5352
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5355
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5360
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5363
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5366
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5369
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5373
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5374
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5379
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5382
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5385
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5388
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5389
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5394
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5397
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5400
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5402
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5405
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5409
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5412
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5415
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5418
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5421
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5424
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5427
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5429
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5432
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5435
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5440
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5443
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5446
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5450
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5453
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5458
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5461
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5466
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5469
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5472
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5474
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5477
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5480
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5483
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5486
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5489
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5492
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5495
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5498
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5509
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5525
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5530
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5532
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5535
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5538
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5541
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5544
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5547
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5550
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5553
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5556
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5558
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5561
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5566
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5569
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5572
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5575
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5578
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5581
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5584
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5586
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5589
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5592
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5595
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5598
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5601
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5604
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5607
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5609
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5614
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5617
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5620
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5623
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5626
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5629
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5632
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5635
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5637
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5640
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5645
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5648
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5651
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5654
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5659
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5661
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5664
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5667
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5670
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5673
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5676
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5681
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5683
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5686
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5689
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5692
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5695
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5698
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5701
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5704
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5709
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5711
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5714
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5717
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5720
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5726
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5729
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5738
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5754
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5759
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5762
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5765
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5767
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5770
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5773
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5776
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5779
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5782
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5785
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5788
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5791
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5794
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5796
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5799
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5804
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5807
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5810
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5815
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5817
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5820
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5825
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5828
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5831
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5834
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5839
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5842
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5844
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5847
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5851
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5854
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5857
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5860
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5863
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5866
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5869
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5871
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5874
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5877
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5880
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5883
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5886
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5889
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5892
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5895
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5898
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5900
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5903
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5906
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5909
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5912
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5915
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5918
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5921
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5923
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5926
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5929
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5932
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5935
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5938
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5941
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5944
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5947
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5950
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5952
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5953
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5958
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5962
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5969
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5985
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5990
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5993
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5995
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 5998
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6002
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6005
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6010
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6013
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6016
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6019
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6022
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6024
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6027
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6030
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6033
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6038
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6042
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6045
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6048
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6050
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6053
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6056
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6059
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6062
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6067
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6070
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6073
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6076
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6078
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6081
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6084
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6087
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6090
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6093
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6096
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6100
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6101
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6106
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6109
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6112
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6117
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6120
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6123
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6126
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6128
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6131
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6134
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6137
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6140
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6143
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6146
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6149
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6152
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6154
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6157
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6160
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6163
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6166
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6169
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6172
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6175
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6178
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6181
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6183
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6186
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6199
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6215
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6216
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6221
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6224
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6227
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6230
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6231
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6232
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6237
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6239
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6240
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6245
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6246
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6256
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6259
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6264
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6266
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6269
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6272
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6275
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6278
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6281
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6284
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6287
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6290
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6292
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6295
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6300
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6303
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6306
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6309
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6312
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6316
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6319
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6322
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6326
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6329
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6332
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6335
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6338
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6341
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6343
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6348
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6351
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6354
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6357
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6360
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6363
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6366
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6369
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6371
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6374
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6377
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6380
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6383
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6386
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6389
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6392
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6394
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6399
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6402
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6405
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6408
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6411
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6414
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6417
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6421
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6425
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6433
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6449
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6450
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6455
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6458
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6461
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6464
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6467
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6470
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6472
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6475
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6478
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6481
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6484
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6487
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6490
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6493
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6496
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6500
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6501
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6506
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6509
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6512
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6515
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6516
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6523
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6525
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6526
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6531
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6534
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6537
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6540
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6544
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6547
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6550
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6553
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6558
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6561
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6566
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6569
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6571
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6574
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6577
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6580
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6583
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6586
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6589
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6592
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6595
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6597
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6600
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6603
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6606
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6609
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6614
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6619
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6622
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6624
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6627
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6630
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6633
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6636
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6681
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6684
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6692
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6708
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6713
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6715
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6718
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6723
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6726
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6729
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6734
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6737
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6741
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6744
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6747
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6750
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6753
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6756
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6761
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6764
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6766
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6769
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6774
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6777
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6782
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6785
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6788
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6791
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6793
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6796
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6801
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6804
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6807
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6810
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6813
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6815
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6818
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6821
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6826
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6829
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6832
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6835
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6838
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6841
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6843
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6846
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6849
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6852
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6855
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6858
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6861
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6864
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6867
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6869
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6872
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6875
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6878
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6881
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6886
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6889
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6892
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6895
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6897
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6900
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6905
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6908
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6913
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6921
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6937
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6940
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6943
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6945
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6948
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6951
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6956
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6959
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6962
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6965
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6968
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6970
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6973
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6976
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6979
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6982
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6985
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6990
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6993
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6995
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 6998
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7001
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7004
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7009
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7012
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7018
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7021
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7024
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7026
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7029
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7032
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7035
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7038
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7041
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7044
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7047
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7050
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7052
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7057
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7060
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7063
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7068
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7072
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7075
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7078
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7081
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7084
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7087
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7090
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7093
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7096
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7099
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7101
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7104
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7107
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7110
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7115
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7118
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7122
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 7130
        },
        {
          "note": "sex1.exe tried to sleep 271.67 seconds, actually delayed analysis time by 0.0 seconds"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "encrypted_ioc",
      "description": "At least one IP Address, Domain, or File Name was found in a crypto call",
      "categories": [
        "encryption"
      ],
      "severity": 2,
      "weight": 0,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 6648,
          "cid": 1266
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1267
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1268
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1269
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1270
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1271
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1272
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1277
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1278
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1279
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1280
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1281
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1282
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1287
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1288
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1289
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1290
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1291
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1292
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1297
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1298
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1299
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1300
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1301
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1302
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1307
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1308
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1309
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1310
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1311
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1312
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1317
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1318
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1319
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1320
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1321
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1322
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1327
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1328
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1329
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1330
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1331
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1332
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1337
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1338
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1339
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1340
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1341
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1342
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1347
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1348
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1349
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1350
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1351
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1352
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1353
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1358
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1359
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1360
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1361
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1362
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1363
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1368
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1369
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1370
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1371
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1372
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1373
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1378
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1379
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1380
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1381
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1382
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1383
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1388
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1389
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1390
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1391
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1392
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1393
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1398
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1399
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1400
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1401
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1402
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1403
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1408
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1409
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1410
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1411
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1412
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1413
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1418
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1419
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1420
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1421
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1422
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1423
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1539
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1543
        },
        {
          "ioc": "x00.text"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "reads_self",
      "description": "Reads data out of its own binary image",
      "categories": [
        "generic"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 30,
      "references": [],
      "data": [
        {
          "self_read": "process: sex1.exe, pid: 6648, offset: 0x3030785c3030785c, length: 0x00001000"
        },
        {
          "self_read": "process: sex1.exe, pid: 6648, offset: 0x3030785c3038785c, length: 0x00000200"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "terminates_remote_process",
      "description": "Terminates another process",
      "categories": [
        "persistence",
        "stealth"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 1052,
          "cid": 19
        },
        {
          "process": "svchost.exe"
        },
        {
          "type": "call",
          "pid": 1052,
          "cid": 20
        },
        {
          "process": "svchost.exe"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "network_http",
      "description": "Performs some HTTP requests",
      "categories": [
        "network"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 30,
      "references": [],
      "data": [
        {
          "url": "http://i.pki.goog/gsr1.crt"
        },
        {
          "url": "http://i.pki.goog/r4.crt"
        },
        {
          "url": "http://i.pki.goog/we2.crt"
        },
        {
          "url": "http://i.pki.goog/gsr4.crt"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "packer_entropy",
      "description": "The binary likely contains encrypted or compressed data",
      "categories": [
        "packer"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 100,
      "references": [
        "http://www.forensickb.com/2013/03/file-entropy-explained.html",
        "http://virii.es/U/Using%20Entropy%20Analysis%20to%20Find%20Encrypted%20and%20Packed%20Malware.pdf"
      ],
      "data": [
        {
          "section": {
            "name": ".rsrc",
            "raw_address": "0x0001cc00",
            "virtual_address": "0x00022000",
            "virtual_size": "0x00015fa8",
            "size_of_data": "0x00016000",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x40000040",
            "entropy": "8.00"
          }
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "injection_rwx",
      "description": "Creates RWX memory",
      "categories": [
        "injection"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 50,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 6648,
          "cid": 240
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "uses_windows_utilities_to_create_scheduled_task",
      "description": "Uses Windows utilities to create a scheduled task",
      "categories": [
        "command",
        "lateral"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 80,
      "references": [],
      "data": [
        {
          "command": "\"schtasks.exe\" /create /f /tn \"WAN Manager\" /xml \"C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp\""
        },
        {
          "command": "\"schtasks.exe\" /create /f /tn \"WAN Manager Task\" /xml \"C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp\""
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "Suspicious_Scheduled_Task_Creation_Via_Masqueraded_XML_File",
      "description": "Attempts to schedule tasks using an XML file that doesn't have an .xml extension",
      "categories": [
        "evasion",
        "execution",
        "persistence"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 100,
      "references": [
        "https://github.com/elastic/protections-artifacts/blob/main/behavior/rules/windows/persistence_suspicious_scheduled_task_creation_via_masqueraded_xml_file.toml"
      ],
      "data": [],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "persistence_autorun",
      "description": "Installs itself for autorun at Windows startup",
      "categories": [
        "persistence"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 6648,
          "cid": 1628
        },
        {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\WAN Manager"
        },
        {
          "data": "C:\\Program Files (x86)\\WAN Manager\\wanmgr.exe"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "rat_nanocore",
      "description": "Exhibits behavior characteristic of Nanocore RAT",
      "categories": [
        "rat"
      ],
      "severity": 3,
      "weight": 4,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 6648,
          "cid": 1266
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1277
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1287
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1297
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1307
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1317
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1327
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1337
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1347
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1358
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1368
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1378
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1388
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1398
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1408
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1418
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1539
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 1543
        }
      ],
      "new_data": [],
      "alert": false,
      "families": [
        "NanoCore"
      ]
    },
    {
      "name": "binary_yara",
      "description": "Binary file triggered multiple YARA rules",
      "categories": [
        "static"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 80,
      "references": [],
      "data": [
        {
          "Binary triggered YARA rule": "DITEKSHEN_MALWARE_Win_Nanocore"
        },
        {
          "Binary triggered YARA rule": "Windows_Trojan_Nanocore_d8c4e3c5"
        },
        {
          "Binary triggered YARA rule": "Nanocore"
        },
        {
          "Binary triggered YARA rule": "Nanocore_RAT_Gen_2"
        },
        {
          "Binary triggered YARA rule": "NanoCore"
        },
        {
          "Binary triggered YARA rule": "NETexecutableMicrosoft"
        },
        {
          "Binary triggered YARA rule": "IsPE32"
        },
        {
          "Binary triggered YARA rule": "IsNET_EXE"
        },
        {
          "Binary triggered YARA rule": "IsWindowsGUI"
        },
        {
          "Binary triggered YARA rule": "IsPacked"
        },
        {
          "Binary triggered YARA rule": "Microsoft_Visual_Studio_NET"
        },
        {
          "Binary triggered YARA rule": "Microsoft_Visual_C_v70_Basic_NET_additional"
        },
        {
          "Binary triggered YARA rule": "Microsoft_Visual_C_Basic_NET"
        },
        {
          "Binary triggered YARA rule": "Microsoft_Visual_Studio_NET_additional"
        },
        {
          "Binary triggered YARA rule": "Microsoft_Visual_C_v70_Basic_NET"
        },
        {
          "Binary triggered YARA rule": "NET_executable_"
        },
        {
          "Binary triggered YARA rule": "NET_executable"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "procmem_yara",
      "description": "Yara detections observed in process dumps, payloads or dropped files",
      "categories": [
        "malware"
      ],
      "severity": 3,
      "weight": 4,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "Hit": "PID 6648 triggered the Yara rule 'IsPE32' with data '[]'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'IsWindowsGUI' with data '[]'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'IsPacked' with data '[]'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'DITEKSHEN_MALWARE_Win_Nanocore' with data '['NanoCore.ClientPlugin', 'NanoCore.ClientPluginHost', 'IClientApp', 'IClientData', 'IClientNetwork', 'IClientAppHost', 'IClientDataHost', 'IClientLoggingHost', 'IClientNetworkHost', 'IClientUIHost', 'IClientNameObjectCollection', 'IClientReadOnlyNameObjectCollection', 'ClientPlugin', 'get_ClientSettings', 'get_Connected']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'Windows_Trojan_Nanocore_d8c4e3c5' with data '['NanoCore.ClientPluginHost', 'NanoCore.ClientPlugin', 'get_BuilderSettings', 'IClientAppHost', 'AddHostEntry', 'LogClientException', 'PipeExists', 'IClientLoggingHost']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'Nanocore_RAT_Gen_2' with data '['NanoCore.ClientPluginHost', 'IClientNetworkHost']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'NETDLLMicrosoft' with data '['{ 00 00 00 00 00 00 00 00 5F 43 6F 72 44 6C 6C 4D 61 69 6E 00 6D 73 63 6F 72 65 65 2E 64 6C 6C 00 00 00 00 00 FF 25 }']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'IsPE32' with data '[]'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'IsNET_DLL' with data '[]'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'IsDLL' with data '[]'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'IsWindowsGUI' with data '[]'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'Microsoft_Visual_Studio_NET' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'Microsoft_Visual_C_v70_Basic_NET_additional' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'Microsoft_Visual_C_Basic_NET' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'Microsoft_Visual_Studio_NET_additional' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'Microsoft_Visual_C_v70_Basic_NET' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'NET_executable_' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'NET_executable' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'NETDLLMicrosoft' with data '['{ 00 00 00 00 00 00 00 00 5F 43 6F 72 44 6C 6C 4D 61 69 6E 00 6D 73 63 6F 72 65 65 2E 64 6C 6C 00 00 00 00 00 FF 25 }']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'IsPE32' with data '[]'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'IsNET_DLL' with data '[]'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'IsDLL' with data '[]'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'IsConsole' with data '[]'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'Microsoft_Visual_Studio_NET' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'Microsoft_Visual_C_v70_Basic_NET_additional' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'Microsoft_Visual_C_Basic_NET' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'Microsoft_Visual_Studio_NET_additional' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'Microsoft_Visual_C_v70_Basic_NET' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'NET_executable_' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'NET_executable' with data '['{ FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 }']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'DITEKSHEN_MALWARE_Win_Nanocore' with data '['NanoCore.ClientPlugin', 'NanoCore.ClientPluginHost', 'IClientData', 'IClientNetwork', 'IClientDataHost', 'IClientLoggingHost', 'IClientNetworkHost', 'IClientUIHost', 'IClientNameObjectCollection', 'IClientReadOnlyNameObjectCollection', 'ClientPlugin', 'get_ClientSettings']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'Windows_Trojan_Nanocore_d8c4e3c5' with data '['NanoCore.ClientPluginHost', 'NanoCore.ClientPlugin', 'get_BuilderSettings', 'LogClientException', 'IClientLoggingHost']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'Nanocore_RAT_Gen_2' with data '['NanoCore.ClientPluginHost', 'IClientNetworkHost']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'NETDLLMicrosoft' with data '['{ 00 00 00 00 00 00 00 00 5F 43 6F 72 44 6C 6C 4D 61 69 6E 00 6D 73 63 6F 72 65 65 2E 64 6C 6C 00 00 00 00 00 FF 25 }']'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'IsPE32' with data '[]'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'IsNET_DLL' with data '[]'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'IsDLL' with data '[]'"
        },
        {
          "Hit": "PID 6648 triggered the Yara rule 'IsConsole' with data '[]'"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "deletes_executed_files",
      "description": "Deletes executed files from disk",
      "categories": [
        "persistence",
        "stealth"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "file": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp16B1.tmp"
        },
        {
          "file": "C:\\Users\\cape\\AppData\\Local\\Temp\\tmp2CBA.tmp"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "recon_fingerprint",
      "description": "Collects information to fingerprint the system",
      "categories": [
        "discovery"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 75,
      "references": [],
      "data": [
        {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "removes_zoneid_ads",
      "description": "Attempts to remove evidence of file being downloaded from the Internet",
      "categories": [
        "generic"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "file": "C:\\Users\\cape\\AppData\\Local\\Temp\\sex1.exe:Zone.Identifier"
        },
        {
          "type": "call",
          "pid": 6648,
          "cid": 2097
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    }
  ],
  "malscore": 10.0,
  "ttps": [
    {
      "signature": "antisandbox_sleep",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OB0001",
        "B0007",
        "B0007.008"
      ]
    },
    {
      "signature": "antivm_checks_available_memory",
      "ttps": [
        "T1082"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "dead_connect",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "encrypted_ioc",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "persistence_autorun",
      "ttps": [
        "T1547.001",
        "T1112",
        "T1547"
      ],
      "mbcs": [
        "OB0012",
        "E1112",
        "F0012"
      ]
    },
    {
      "signature": "rat_nanocore",
      "ttps": [
        "T1219"
      ],
      "mbcs": [
        "B0022",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0005",
        "C0027",
        "OC0001",
        "C0016",
        "OC0001",
        "C0016",
        "OC0003",
        "C0042"
      ]
    },
    {
      "signature": "reads_self",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0001",
        "C0051"
      ]
    },
    {
      "signature": "terminates_remote_process",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "C0018"
      ]
    },
    {
      "signature": "binary_yara",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "network_http",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "packer_entropy",
      "ttps": [
        "T1027.002",
        "T1027"
      ],
      "mbcs": [
        "OB0001",
        "OB0002",
        "OB0006",
        "F0001"
      ]
    },
    {
      "signature": "procmem_yara",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "deletes_executed_files",
      "ttps": [
        "T1070"
      ],
      "mbcs": [
        "F0007"
      ]
    },
    {
      "signature": "recon_fingerprint",
      "ttps": [
        "T1012",
        "T1082"
      ],
      "mbcs": [
        "OB0007",
        "E1082",
        "OC0008",
        "C0036"
      ]
    }
  ],
  "malstatus": "Malicious"
}